| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.07.2013, 13:58
| #1 |
 |  Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Hallo community, ich bin neu hier und würde gern eure Hilfe in Anspruch nehmen. Folgendes Problem: Bekannte von mir haben mich gefragt, ob ich mir mal ihren Rechner ansehen kann weil dieser "komische" Meldungen anzeigt. Das habe ich nun getan und auch einiges festgestellt. Gleich nach dem ersten Neustart meldete sich das Microsoft Tool zum Entfernen bösartiger Software und zeigte, dass es einen Virus namens PWS:Win32/Zbot.gen!AM gefunden hat. Ein Neustart sollte durchgeführt werden und folgendes fand ich dann im logfile des Tools. Code:
ATTFilter Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Sun Jul 21 11:51:21 2013
Quick Scan Results for 6EB31004-9CB5-4B17-9598-9D3116AFFF21:
----------------
->Scan ERROR: resource process://pid:4204 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4272 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:5236 (code 0x0000012B (299))
Threat detected: PWS:Win32/Zbot.gen!AM
containerfile://C:\Users\***\AppData\Roaming\Wexyt\ynim.exe
SHA1: A06138424020C21F2EA3312B9E46867F763AA371
file://C:\Users\***\AppData\Roaming\Wexyt\ynim.exe->[Obfuscator.QG]
SigSeq: 0x0000E178B083517A
SHA1: A06138424020C21F2EA3312B9E46867F763AA371
process://pid:3532
regkey://HKCU@S-1-5-21-142382650-3986760438-10477542-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Ynim
runkey://HKCU@S-1-5-21-142382650-3986760438-10477542-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Ynim
Quick Scan Removal Results
----------------
Start 'remove' for process://pid:3532
Operation succeeded !
Start 'remove' for regkey://HKCU@S-1-5-21-142382650-3986760438-10477542-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Ynim
Operation succeeded !
Start 'remove' for runkey://HKCU@S-1-5-21-142382650-3986760438-10477542-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Ynim
Operation succeeded !
Start 'remove' for file://\\?\C:\Users\***\AppData\Roaming\Wexyt\ynim.exe->[Obfuscator.QG]
Operation was scheduled to be completed after next reboot.
Results Summary:
----------------
For cleaning PWS:Win32/Zbot.gen!AM, the system needs to be restarted.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 21 11:52:30 2013
Return code: 12 (0xc)
Kurzform der Konversation: Berichtet, dass sie einen Virus drauf haben. Ich empfohlen Rechner neu aufzusetzen. Beide total geschockt und entgeistert gefragt, ob das nicht anders zu reparieren geht. Gutmütig wie ich bin, hab ich zugesagt und mich jetzt der Virusbekämpfung verschrieben.  Da ich nicht weiß, ob ich alles gefunden habe, melde ich mich nun hier bei euch. Folgendes habe ich schon durchgeführt: 1. Komplettscan mit Malwarebytes --> zwei Funde Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.21.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 *** :: ***-PC [Administrator] 21.07.2013 12:18:06 mbam-log-2013-07-21 (12-18-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 468745 Laufzeit: 14 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\System\CurrentControlSet\Services\SkyNetU2CBDA_AMD64 (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\AppData\Roaming\Aveva\oxija.exe (Trojan.Agent.rf) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 3. OTL --> Quickscan Log: OTL.txt Code:
ATTFilter OTL logfile created on: 21.07.2013 13:47:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,13% Memory free 15,96 Gb Paging File | 13,44 Gb Available in Paging File | 84,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 34,89 Gb Free Space | 31,21% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.21 13:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.08.14 00:32:04 | 001,572,864 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2009.07.03 18:34:26 | 000,811,008 | ---- | M] () -- C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll ========== Services (SafeList) ========== SRV - [2013.07.21 13:19:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.18 04:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.07.21 11:56:00 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.07.21 11:56:00 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.07.21 11:56:00 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.07.22 20:09:40 | 000,277,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.01 16:20:48 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.05.26 09:20:04 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.29 18:55:44 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.05.10 09:09:34 | 000,270,424 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SkyNetU2C_AMD64.sys -- (SKYNETU2C) DRV:64bit: - [2010.04.28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.03 17:31:40 | 000,982,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F C0 5B E7 D0 D9 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{47D354BB-583D-49D0-B585-A1E525362CF4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0F1AC976-7A0C-4006-9A17-B40D3858CB41&apn_sauid=C88B670D-302A-481E-AF1C-018EC4D35E19 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.11 20:20:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.09.27 16:56:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.07.21 11:55:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.11 20:20:19 | 000,000,000 | ---D | M] [2013.07.21 11:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.07.21 11:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i0ekc3bw.default\extensions [2013.07.21 11:41:56 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\i0ekc3bw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.07.21 11:43:03 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\i0ekc3bw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.07.21 12:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.21 11:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.21 11:40:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.21 11:55:50 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C8592ED-BE47-4516-977A-FFA968384A7E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BDD11DE-325E-401B-929C-1C3A3C4F557A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB0155B1-EA5D-454A-A515-A9C13485AE1E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF80A1ED-C7BB-4708-93FF-5156F29FA6D7}: DhcpNameServer = 0.0.0.0 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{07aa8648-46be-11e1-a09d-8c89a57ce71f}\Shell - "" = AutoRun O33 - MountPoints2\{07aa8648-46be-11e1-a09d-8c89a57ce71f}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{dce6a8da-1999-11e1-8e33-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{dce6a8da-1999-11e1-8e33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.21 13:38:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.07.21 12:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.07.21 12:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.07.21 12:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire [2013.07.21 12:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire [2013.07.21 12:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.07.21 12:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.07.21 12:10:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.07.21 12:10:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.21 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.21 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.21 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.21 12:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.07.21 11:55:56 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.07.21 11:55:56 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.07.21 11:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.07.21 11:55:55 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.07.21 11:55:55 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.07.21 11:55:55 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.07.21 11:55:54 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.07.21 11:55:54 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.07.21 11:55:43 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.07.21 11:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.07.21 11:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.07.21 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2013.07.21 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2013.07.21 11:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.07.21 11:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.21 11:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.07.04 15:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\A86F7BE40715AB180000A86ED37DB398 [2013.06.26 20:13:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Probleme (Lichtenhain) ========== Files - Modified Within 30 Days ========== [2013.07.21 13:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.21 13:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.07.21 13:37:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.07.21 13:36:02 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.07.21 13:15:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 13:15:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.21 13:08:54 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.21 13:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.21 13:08:41 | 2132,443,135 | -HS- | M] () -- C:\hiberfil.sys [2013.07.21 13:01:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013.07.21 12:58:40 | 003,882,918 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.21 12:58:40 | 001,560,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.21 12:58:40 | 001,133,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.21 12:58:40 | 001,005,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.21 12:58:40 | 000,005,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.21 12:07:48 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.07.21 11:56:00 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.07.21 11:56:00 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.07.21 11:56:00 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.07.21 11:56:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.07.21 11:56:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.07.21 11:56:00 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.07.21 11:55:56 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.07.21 11:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.07.21 11:53:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.21 11:52:27 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2013.07.21 11:40:27 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.21 11:35:23 | 520,651,347 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2013.07.21 13:37:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.07.21 13:36:01 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.07.21 12:07:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.07.21 12:07:48 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.07.21 11:56:00 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.07.21 11:56:00 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.07.21 11:56:00 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.07.21 11:55:56 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.07.21 11:55:55 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.07.21 11:55:55 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.07.21 11:55:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.07.21 11:52:27 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2013.07.21 11:40:27 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.21 11:40:27 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.21 21:04:10 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\FileOut.cns [2013.05.21 21:04:10 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\FileIn.cns [2013.04.12 21:56:10 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini [2013.01.07 16:44:52 | 000,828,657 | ---- | C] () -- C:\Windows\Diercke Globus Uninstaller.exe [2012.09.27 16:54:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.04.18 10:45:41 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.04.17 12:24:16 | 000,001,124 | ---- | C] () -- C:\Users\***\OpenOffice.org 3.3.lnk [2012.04.13 20:28:18 | 000,000,283 | ---- | C] () -- C:\Windows\madagascar.ini [2012.04.01 12:12:01 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.11 21:20:54 | 000,219,026 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.03.11 21:20:54 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2012.03.11 20:17:16 | 000,177,993 | ---- | C] () -- C:\Windows\hphins33.dat [2012.03.11 20:17:16 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat [2012.02.28 20:42:48 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe [2011.09.27 14:18:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.09.27 14:18:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.23 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen [2013.01.07 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Diercke Globus [2013.05.06 14:36:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.04.17 12:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.04.06 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RedDotGames [2013.03.28 23:20:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.07.2013 13:47:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,13% Memory free
15,96 Gb Paging File | 13,44 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 34,89 Gb Free Space | 31,21% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D6E7E6-868C-46C4-9742-32356F72C4B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0BF7912B-8EDF-4031-9DDA-096CFE676CE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1957DCAB-E20F-4BD5-B6EF-79FB06CFD767}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D91200C-BB06-4573-9E10-40510C5B1A6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2CDE6F03-94D8-4F2B-BEB4-1FBC370ACF22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33AB2FD8-79D1-4AA2-B34A-4099B37D34FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43705F44-8908-4AB9-BFDF-5981240B11A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46152643-A7F0-4530-AAB8-C8D539621B99}" = rport=137 | protocol=17 | dir=out | app=system |
"{58451DC7-A424-4A62-AFB0-7C9FEE120C41}" = rport=139 | protocol=6 | dir=out | app=system |
"{66A36A25-AF12-41D4-91E4-1E2F5ECFBBCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{675BA171-B6E6-4001-99B0-DB4702FCCDCE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{686DE8C2-E5AD-46EB-B456-C7E62BC98CDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69903179-6FA9-4205-802A-295DEEB6363A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D24E21C-5A08-4A34-852B-A493146D34B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{71D8E090-0F9E-4269-B1B4-D18540EFFE9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79F03C76-79EA-4E54-B65F-085DDC16BFEB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F543841-3E3F-4EBA-A714-9B38C9F3F121}" = lport=445 | protocol=6 | dir=in | app=system |
"{85EC0F71-2E06-4FCA-A96E-8209F65F7B8E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{85FF6149-9F39-477E-A92B-A4E3B368660E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9070BD99-4701-47A3-B49D-8434EE6C173C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{952296D9-3E6B-4016-90D0-58D159FAF305}" = rport=138 | protocol=17 | dir=out | app=system |
"{97124B34-9BEA-4903-B1EA-8232EE5C9881}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A4B577E-79A1-4D59-95B6-D292F842A3C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AC63330E-E816-4350-AFC6-8A724E8BE939}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B67A636E-C180-4D55-BD2B-14F24B830263}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF6D6B3F-044A-4877-9213-C7D5D15F5EA5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7DD1089-347D-4DBE-8B87-BA8E2FD19246}" = lport=138 | protocol=17 | dir=in | app=system |
"{D993315F-A900-4B86-82BA-4D4DF5745E81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0F8FCCD-8A28-47F3-8F84-DE8283D6ED60}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA5D5A67-C9BC-4DEF-A47D-1475928A71AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB6E6569-016C-4056-917F-1A322DE174F5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F06CB6D5-9F80-47EE-B1BA-593BDDA2A01C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F2B972A9-A092-4E43-9717-7873EEA6F8AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F41DC94E-E514-4379-A13A-79C16DBFA128}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075DFE70-A05A-4C9E-94A3-AFA0D779678A}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{11547F77-6997-4119-B9BB-F6876A09EC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012 demo\skiregionsimulator2012.exe |
"{125E0CC7-8FA9-4BE8-A96E-694CD48DDCCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{12793766-0D62-42DC-A8DC-AD7B07402A63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{23C81584-F8EB-460D-AF23-6346253085FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{267982CD-2678-4D02-95CA-F95A751F449D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CC52D5A-5147-4852-BEF9-44E449B66CAA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33D5096F-F205-41A3-BA30-A3432E4F22B8}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe |
"{3FBF5901-FFD8-4583-B821-1F5DBA9D98C7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40B77C0C-8686-4578-AB47-7738EA8DCCEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{438AB606-F702-45E1-ACF7-ACAEEB519FBE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{4670AB29-B351-41ED-B83A-70C6F8AD6F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012 demo\skiregionsimulator2012.exe |
"{47B587DA-17FA-44F0-8CA8-A938F1AEC4D2}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{4831F904-25B3-41A4-AE14-B9B58A94D672}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4A2A1EBB-1F37-470F-94D5-F065297C4D8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A2D951C-568F-427E-A649-DFAEF981B024}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AA5A54F-F2DF-48AD-B809-FDF73CCCB121}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{56CF7EEA-D967-46F6-BFE8-4EE73D8F859F}" = protocol=17 | dir=in | app=c:\program files (x86)\pacific hawk\pacific hawk\game.exe |
"{5BE30D9D-81B1-45A3-96D9-23E4B2A320CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D7C3877-F032-497C-AB84-D5B912D32C36}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\game.exe |
"{5F8DFC80-867B-401D-ACF7-86FD0C862E7B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{610E475D-7AC0-4364-8D63-AB4CF9BEFEAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EA62FA0-26AE-4D0C-B8EA-20BBFC1BA2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{6FACC0F7-5630-4235-8F11-FA2DCC53E558}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6FE62AD4-6F2E-4202-8B2E-55C77B686B95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78A47696-14B3-405C-97C0-E8F3EABAA3F0}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{78C8BD8A-F329-4B91-A0B2-7CD6803A3DF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79C65047-2CA2-4684-81AF-4A0643D864A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7B1D2749-73E1-47DC-918F-58D0F3ACF53E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85A2ED0E-3DA1-4683-BBEC-9D0455A0EB86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{87EFE64B-CC93-47EC-8FE1-E2639ABB22DA}" = protocol=6 | dir=in | app=c:\program files (x86)\pacific hawk\pacific hawk\game.exe |
"{88EA5DCE-80DE-4840-B656-3F558B35CA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8996C32C-F6A4-4A6B-B514-014F12AD0893}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{8E37B234-D62B-4C14-8A5B-83DD1B1F3604}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8EC28B92-7533-4986-A7B8-8A2461462694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8ECFEAC1-DF37-4183-838E-983FB12CF975}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{94BFB0D9-E9E6-4904-8242-FDCCFA99049D}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{980536EB-7D2F-472F-A6B8-D36BCF486A65}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{A26AE5AC-E8E3-4D7A-98EE-38658A18B420}" = protocol=6 | dir=out | app=system |
"{A33A6E6E-0FE1-4832-AA09-DDA7A19EAD59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AEA82BC7-7E34-4C31-B9BF-578DB598F297}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B097C575-C7AC-496F-8929-3A3476C59DD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{B388123A-0727-4F76-95F7-6BEE0D2A03BE}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{BF3D7DB5-CCDD-4DFC-BA95-F6F1FDE3D26C}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{C0E5A557-E621-4D0B-9D20-8CD59654A879}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{C512D5FF-C0DC-4366-9CD4-6A35EEFF9A0E}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe |
"{C61435B3-38B8-4E74-B0C3-3810E1500B2F}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{CF7523A8-B3FA-4FA3-8BBE-82FE2CA0F612}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D4DBF96F-ED0C-410A-9657-B24669B05897}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012 demo\game.exe |
"{DB0F4984-9704-43E1-862F-687757684346}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012 demo\game.exe |
"{DB247CA9-4685-49F6-B792-25E06C1512D3}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{DF72A23F-047A-4037-A020-987DAD64E59F}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\game.exe |
"{E9CD80F8-6FD0-4BF8-B599-9E8E3410ED26}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{EFA79277-BE0C-437F-BCFE-A42663028116}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{F711C667-CDB5-46E6-9558-79C27A21FD20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA185E1A-B655-47D3-86E1-37FEDE7C66A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{FB38D78F-EA79-4C57-A782-24DA5274FECA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{FBBEE134-7FAC-4054-91B3-73CBA5D5A14D}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{FCEAA8DB-3910-469A-AE0D-8AE27FD32C21}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{FE6700B1-001F-49C5-935E-604A55884642}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"TCP Query User{4CEE222D-0D61-473A-A66C-7BB83182FF61}C:\users\***\appdata\roaming\wexyt\ynim.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\wexyt\ynim.exe |
"TCP Query User{929A6A04-FD40-4166-A956-8B741710E998}C:\program files (x86)\pacific hawk\pacific hawk\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacific hawk\pacific hawk\game.exe |
"TCP Query User{EC08A8E4-7206-40AB-8C1C-0DE19C90D21B}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{F7335606-2D93-4500-B4FE-A445D2EA8BE8}C:\users\***\appdata\roaming\wexyt\ynim.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\wexyt\ynim.exe |
"UDP Query User{01AC408A-17EF-440E-8F53-CE5FEC44BCE5}C:\users\***\appdata\roaming\wexyt\ynim.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\wexyt\ynim.exe |
"UDP Query User{33181905-2C65-4A06-9173-3DDE9660EAFA}C:\users\***\appdata\roaming\wexyt\ynim.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\wexyt\ynim.exe |
"UDP Query User{B3C3CC4F-9CA6-440B-BBD5-AACA116FA3A1}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{FEF8C81F-4D98-4B69-9EA2-8EF12077D2F7}C:\program files (x86)\pacific hawk\pacific hawk\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacific hawk\pacific hawk\game.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5409411D-CD72-432D-B823-1B520B24BD3C}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{EDBC8AED-78A3-424E-ADB6-C7B1424FFAFD}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar (TM)
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Edimax Wireless LAN Card
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AEB2EFA-477F-4F3F-9864-356AC2141F45}" = aerosoft's - Berliner S-Bahn Teil 1
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{681734DF-28F0-4842-855C-91CCE610FA67}" = Aerosoft's - Strassenbahn Berlin-Koepenick
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{82D7E57E-D9F0-4C2E-AA57-3E143D89F515}" = aerosoft's - Hoellentalbahn
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1" = Bau-Simulator 2012 Version 1.0
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C98DB470-A8FD-4C84-9B21-DF222199DD66}" = aerosoft's - High Speed Trains
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D227E95D-C9E6-4B09-BC4C-F5A96D08A1CE}" = Patrizier IV Demo
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator Version 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"18 WoS Extreme Trucker" = 18 WoS Extreme Trucker 1.01
"3D-Fahrschule 2" = 3D-Fahrschule 2
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v3.00
"avast" = avast! Free Antivirus
"Bagger-Simulator 2011 (Demo)" = Bagger-Simulator 2011 (Demo)
"DemolitionCompanyDE_is1" = Demolition Company
"Diercke Globus" = Diercke Globus
"DriveGreen1" = John Deere Landmaschinen Simulator
"DVBViewer TE2_is1" = DVBViewer TE2
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"German Truck Simulator" = German Truck Simulator 1.32
"HP Photo Creations" = HP Photo Creations
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar
"Knobel- und Denkspiele 2_is1" = Knobel- und Denkspiele 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Moorhuhn Winter-Edition" = Moorhuhn Winter-Edition
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Pacific Hawk" = Pacific Hawk 1.0
"Ski Slalom 2010_is1" = Ski Slalom 2010
"SkiRegionSimulator2012DE_is1" = Skiregion Simulator 2012
"Train Simulator 1.0" = Microsoft Train Simulator
"Trucks & Trailers" = Trucks & Trailers 1.00
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2013 08:20:20 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 02.07.2013 08:20:20 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 02.07.2013 08:20:20 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 02.07.2013 08:29:34 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
Error - 02.07.2013 08:39:39 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
Error - 02.07.2013 13:00:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2013 13:05:07 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 02.07.2013 13:05:07 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 02.07.2013 13:05:07 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 02.07.2013 13:51:18 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 02.07.2013 13:58:03 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 15.06.2013 15:13:36 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:13:36 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)
Error - 15.06.2013 15:14:54 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:14:52 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)
Error - 21.07.2013 05:19:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:19:57 - Fehler beim Herstellen der Internetverbindung. 11:19:57
- Serververbindung konnte nicht hergestellt werden..
Error - 21.07.2013 05:20:05 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:20:02 - Fehler beim Herstellen der Internetverbindung. 11:20:02
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 21.07.2013 06:55:14 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 21.07.2013 06:56:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.07.2013 06:56:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.07.2013 07:09:34 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 21.07.2013 07:09:34 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 21.07.2013 07:09:34 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 21.07.2013 07:09:34 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 21.07.2013 07:09:50 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 21.07.2013 07:10:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.07.2013 07:10:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Den 3. Schritt mit GMER konnte ich leider nicht durchführen, weil das Programm während des Scans, mit der Meldung "es würde nicht mehr funktionieren", beendet wurde. Ich hoffe ihr könnt mir helfen den Rechner ohne neu aufsetzen wieder sauber zu bekommen. Grüße keep_smile |
|
21.07.2013, 14:30
| #2 |
| /// the machine /// TB-Ausbilder    | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
21.07.2013, 14:54
| #3 |
| | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Hallo schrauber,
__________________danke für deine schnelle Antwort. Hier die Logs: FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by *** (administrator) on 21-07-2013 15:49:20
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Edimax Technology Co., Ltd.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7288424 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: {07aa8648-46be-11e1-a09d-8c89a57ce71f} - I:\pushinst.exe
MountPoints2: {dce6a8da-1999-11e1-8e33-806e6f6e6963} - D:\cdstart.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd.)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {47D354BB-583D-49D0-B585-A1E525362CF4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0F1AC976-7A0C-4006-9A17-B40D3858CB41&apn_sauid=C88B670D-302A-481E-AF1C-018EC4D35E19
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 SKYNETU2C; C:\Windows\System32\DRIVERS\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:48 - 2013-07-21 15:48 - 01779345 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:45 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:40 - 2013-03-01 09:29 - 00000230 _____ C:\Users\***\Downloads\Station Drivers ici tous les drivers nouveaux & anciens.url
2013-07-21 15:40 - 2013-02-18 11:40 - 03667973 _____ (Asmedia Technology) C:\Users\***\Downloads\setup.exe
2013-07-21 15:40 - 2013-01-15 22:40 - 00014272 _____ C:\Users\***\Downloads\readme.txt
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 13:14 - 2013-07-21 13:14 - 00000929 _____ C:\AdwCleaner[R1].txt
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:46 - 2013-07-21 12:46 - 00001409 _____ C:\AdwCleaner[S1].txt
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:55 - 2013-07-21 15:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-21 11:55 - 2013-07-21 11:56 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:55 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-21 11:55 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-21 11:55 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:50 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 11:50 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 11:50 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 11:50 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:48 - 2013-07-21 11:49 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-21 11:48 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-21 11:48 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-21 11:48 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-21 11:48 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-21 11:45 - 2013-07-21 11:48 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:45 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 11:45 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 11:45 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 11:45 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 11:45 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 11:45 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 11:40 - 2013-07-21 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-04 15:10 - 2013-07-04 15:12 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:13 - 2013-06-26 20:14 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
==================== One Month Modified Files and Folders =======
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:48 - 2013-07-21 15:48 - 01779345 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:42 - 2012-01-23 15:12 - 00000000 ____D C:\Users\***
2013-07-21 15:41 - 2012-04-17 12:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 15:38 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-21 15:38 - 2009-07-14 06:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 15:35 - 2010-11-21 08:50 - 03897460 _____ C:\Windows\system32\perfh007.dat
2013-07-21 15:35 - 2010-11-21 08:50 - 01137722 _____ C:\Windows\system32\perfc007.dat
2013-07-21 15:35 - 2009-07-14 07:13 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:32 - 2012-04-17 12:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 15:32 - 2012-04-17 12:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 15:32 - 2012-04-17 12:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 15:31 - 2013-07-21 11:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-21 15:31 - 2013-03-15 21:38 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-21 15:31 - 2011-11-28 09:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-21 15:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-21 15:31 - 2009-07-14 06:51 - 00124024 _____ C:\Windows\setupact.log
2013-07-21 15:24 - 2012-01-23 15:12 - 01485010 _____ C:\Windows\WindowsUpdate.log
2013-07-21 15:23 - 2011-11-28 09:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 15:01 - 2012-09-27 16:55 - 00000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-07-21 14:53 - 2013-03-15 21:38 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-21 14:08 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 13:14 - 2013-07-21 13:14 - 00000929 _____ C:\AdwCleaner[R1].txt
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:46 - 2013-07-21 12:46 - 00001409 _____ C:\AdwCleaner[S1].txt
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:37 - 2010-11-21 05:47 - 00010864 _____ C:\Windows\PFRO.log
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:12 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:07 - 2012-03-23 15:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-21 12:07 - 2012-03-23 15:26 - 00000000 ____D C:\ProgramData\Adobe
2013-07-21 12:06 - 2012-03-23 15:38 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Adobe
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:04 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 12:04 - 2012-10-02 15:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 12:04 - 2012-10-02 15:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 12:04 - 2012-04-17 12:24 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:56 - 2013-07-21 11:55 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:49 - 2013-07-21 11:48 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2013-07-21 11:45 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:48 - 2013-03-15 21:38 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-21 11:48 - 2013-03-15 21:38 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:35 - 2012-02-29 19:32 - 520651347 _____ C:\Windows\MEMORY.DMP
2013-07-21 11:35 - 2012-02-29 19:32 - 00000000 ____D C:\Windows\Minidump
2013-07-21 11:28 - 2012-07-20 20:14 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-07-21 11:21 - 2012-03-11 20:19 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 11:21 - 2012-03-11 20:17 - 00002632 _____ C:\ProgramData\hpzinstall.log
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-09 13:26 - 2013-01-07 16:29 - 00000000 ____D C:\Users\***\Documents\German Truck Simulator
2013-07-09 13:17 - 2013-04-12 21:57 - 00000000 ____D C:\Users\***\Documents\Trucks & Trailers
2013-07-04 15:12 - 2013-07-04 15:10 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:14 - 2013-06-26 20:13 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
2013-06-25 18:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-24 00:41 - 2011-11-08 13:28 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 16:21
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013 Ran by *** at 2013-07-21 15:49:38 Running from C:\Users\***\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 18 WoS Extreme Trucker 1.01 (x32 Version: 1.01) 3D-Fahrschule 2 (x32) 64 Bit HP CIO Components Installer (Version: 6.2.2) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Acrobat 4.0 (x32) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) aerosoft's - Berliner S-Bahn Teil 1 (x32) aerosoft's - High Speed Trains (x32) aerosoft's - Hoellentalbahn (x32) Aerosoft's - Strassenbahn Berlin-Koepenick (x32 Version: 1.10) AIDA64 Extreme Edition v3.00 (x32 Version: 3.00) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.4.7.0) avast! Free Antivirus (x32 Version: 8.0.1489.0) B110 (x32 Version: 140.0.142.000) Bagger-Simulator 2011 (Demo) (x32) Bau-Simulator 2012 Version 1.0 (x32 Version: 1.0) BufferChm (x32 Version: 140.0.212.000) Cisco EAP-FAST Module (x32 Version: 2.1.6) Cisco LEAP Module (x32 Version: 1.0.12) Cisco PEAP Module (x32 Version: 1.0.13) D1600 (x32 Version: 140.0.690.000) Demolition Company (x32) Destinations (x32 Version: 140.0.77.000) DeviceDiscovery (x32 Version: 140.0.212.000) Diercke Globus (x32 Version: 1.1) Direct Show Ogg Vorbis Filter (remove only) (x32) DJ_SF_06_D1600_SW_Min (x32 Version: 140.0.690.000) DVBViewer TE2 (x32) eaner (Version: 4.03) Edimax Wireless LAN Card (x32 Version: 1.5.1.0) Emergency4 (x32 Version: 1.03.001) Euro Truck Simulator 1.3 (x32 Version: 1.3) Flughafen-Feuerwehr-Simulator Version 1.0 (x32) German Truck Simulator 1.32 (x32 Version: 1.32) Google Earth Plug-in (x32 Version: 7.0.3.8542) Google Update Helper (x32 Version: 1.3.21.153) GPBaseService2 (x32 Version: 140.0.211.000) High-Definition Video Playback (x32 Version: 7.1.13900.47.0) HP Customer Participation Program 14.0 (Version: 14.0) HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (Version: 14.0) HP Imaging Device Functions 14.0 (Version: 14.0) HP Photo Creations (x32 Version: 1.0.0.5192) HP Photosmart 5510 series - Grundlegende Software für das Gerät (Version: 25.0.621.0) HP Photosmart 5510 series Hilfe (x32 Version: 140.0.2.2) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0) HP Smart Web Printing 4.60 (Version: 4.60) HP Solution Center 14.0 (Version: 14.0) HP Update (x32 Version: 5.003.000.004) HPAppStudio (x32 Version: 140.0.95.000) HPPhotoGadget (x32 Version: 140.0.524.000) HPProductAssistant (x32 Version: 140.0.212.000) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) John Deere Landmaschinen Simulator (x32 Version: 1.0) Junk Mail filter update (x32 Version: 14.0.8117.416) Knobel- und Denkspiele 2 (x32) Landwirtschafts Simulator 2011 Demo (x32 Version: 1.0) Landwirtschafts Simulator 2013 (x32 Version: 1.0) Landwirtschafts-Simulator 2009 Gold (x32) Madagascar (TM) (x32 Version: 1.00.0000) Madagascar (x32 Version: 1.00.0000) MainConcept DTV Decoder Pro (x32 Version: 1.5.0.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 140.0.212.000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0) Microsoft Silverlight (x32 Version: 4.0.60831.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Train Simulator (x32) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0) Moorhuhn Winter-Edition (x32) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 10 Movie ThemePack 1 (x32 Version: 10.2.10000.11.0) Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0) Nero BurnRights 10 (x32 Version: 4.2.10500.1.102) Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000) Nero Control Center 10 (x32 Version: 10.2.11900.1.9) Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000) Nero Core Components 10 (x32 Version: 2.0.18400.9.0) Nero CoverDesigner 10 (x32 Version: 5.2.11400.11.100) Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000) Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000) Nero Express 10 (x32 Version: 10.2.11900.20.100) Nero Express 10 Help (CHM) (x32 Version: 10.5.10300) Nero InfoTool 10 (x32 Version: 7.2.10400.5.100) Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000) Nero MediaHub 10 (x32 Version: 1.2.13200.33.100) Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10000) Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10400) Nero RescueAgent 10 (x32 Version: 3.2.10800.9.100) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000) Nero StartSmart 10 (x32 Version: 10.2.11600.14.100) Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000) Nero Update (x32 Version: 1.0.0018) Network64 (Version: 140.0.212.000) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19) NVIDIA 3D Vision Controller-Treiber 296.10 (Version: 296.10) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (x32 Version: 9.12.0213) NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Pacific Hawk 1.0 (x32 Version: 1.0) Patrizier IV Demo (x32 Version: 1.0.0) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000) QuickTransfer (x32 Version: 140.0.98.000) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438) Scan (x32 Version: 140.0.77.000) Ski Slalom 2010 (x32) Skiregion Simulator 2012 (x32 Version: 1.0) SmartWebPrinting (x32 Version: 140.0.186.000) SolutionCenter (x32 Version: 140.0.213.000) Status (x32 Version: 140.0.212.000) Studie zur Verbesserung von HP Photosmart 5510 series Produkten (Version: 25.0.621.0) System Requirements Lab for Intel (x32 Version: 4.5.15.0) TechniSat DVB-PC TV Star (x32 Version: 4.3.3) Toolbox (x32 Version: 140.0.428.000) TrayApp (x32 Version: 140.0.212.000) Trucks & Trailers 1.00 (x32 Version: 1.00) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Webcam 1200 (x32 Version: 1.0.0.0) WebReg (x32 Version: 140.0.212.017) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Family Safety (Version: 14.0.8118.427) Windows Live Fotogalerie (x32 Version: 14.0.8117.416) Windows Live Mail (x32 Version: 14.0.8117.0416) Windows Live Messenger (x32 Version: 14.0.8117.0416) Windows Live Movie Maker (x32 Version: 14.0.8117.0416) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live Toolbar (x32 Version: 14.0.8117.416) Windows Live Writer (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {043A1F46-6CE0-4411-84E1-06B15C79CB12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {0F5AF397-4977-4E79-881B-6A36A0E32824} - System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} => C:\Windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation) Task: {31463616-8E78-4B36-AE36-F6993A87C756} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {57A64ED7-2D36-4038-8555-00B1374E0238} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] () Task: {7807ED6F-1CCB-42F5-A32B-6C88D952BE9B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {9BB06E46-2BD7-4028-BFB9-45F136473DB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {ABAE6F9F-F834-48DD-84FE-E4D415762F9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {BF3D18F4-A4F5-46EF-A568-A9409ECD458E} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.) Task: {C9D2F83D-7EB9-4197-80BB-EA6546C84EDE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {CAEA603A-FC49-4D43-95D6-E1D1DA0BCCF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-21] (Adobe Systems Incorporated) Task: {D1693ED1-0D3D-499E-A4E4-CE9E3D810C60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2013 03:35:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (07/21/2013 03:35:27 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/21/2013 03:35:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/21/2013 03:31:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 03:22:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 02:08:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 02:04:39 PM) (Source: Application Hang) (User: ) Description: Programm mmc.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14b4 Startzeit: 01ce860a2c42cdab Endzeit: 0 Anwendungspfad: C:\Windows\system32\mmc.exe Berichts-ID: b555cf1a-f1fd-11e2-9c9e-8c89a57ce71f Error: (07/21/2013 02:01:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0x1698 Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (07/21/2013 02:00:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0x1360 Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (07/21/2013 01:08:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/21/2013 03:33:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/21/2013 03:33:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/21/2013 03:32:10 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2013 03:31:24 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (07/21/2013 03:31:24 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/21/2013 03:31:24 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (07/21/2013 03:31:24 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/21/2013 03:23:24 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2013 03:22:36 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (07/21/2013 03:22:36 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Microsoft Office Sessions: ========================= Error: (07/21/2013 03:35:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/21/2013 03:35:27 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/21/2013 03:35:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/21/2013 03:31:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 03:22:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 02:08:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 02:04:39 PM) (Source: Application Hang)(User: ) Description: mmc.exe6.1.7600.1638514b401ce860a2c42cdab0C:\Windows\system32\mmc.exeb555cf1a-f1fd-11e2-9c9e-8c89a57ce71f Error: (07/21/2013 02:01:55 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a169801ce8609f4a0dd93C:\Users\***\Desktop\gmer_2.1.19163.exeC:\Users\***\Desktop\gmer_2.1.19163.exe56049500-f1fd-11e2-9c9e-8c89a57ce71f Error: (07/21/2013 02:00:33 PM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a136001ce8609c16cdf06C:\Users\***\Desktop\gmer_2.1.19163.exeC:\Users\***\Desktop\gmer_2.1.19163.exe2538190f-f1fd-11e2-9c9e-8c89a57ce71f Error: (07/21/2013 01:08:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 8156.59 MB Available physical RAM: 6637.51 MB Total Pagefile: 16311.36 MB Available Pagefile: 14737.27 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.79 GB) (Free:34.45 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3218CDB7) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ==================== End Of Log ============================ keep_smile |
|
21.07.2013, 15:21
| #4 | |
| /// the machine /// TB-Ausbilder | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefundenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.07.2013, 22:00
| #5 |
| | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Habe jetzt Combofix ausgeführt. Hier das Logfile. Realname wurde wieder durch *** ersetzt. Combofix.txt Code:
ATTFilter ComboFix 13-07-20.03 - *** 21.07.2013 22:48:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8157.6718 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-21 bis 2013-07-21 ))))))))))))))))))))))))))))))
.
.
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\users\Privat\AppData\Local\temp
2013-07-21 13:49 . 2013-07-21 13:49 -------- d-----w- C:\FRST
2013-07-21 13:45 . 2013-07-21 13:45 -------- d-----w- c:\program files (x86)\Intel
2013-07-21 13:45 . 2013-02-27 13:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-07-21 13:42 . 2013-07-21 13:42 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-07-21 13:42 . 2013-07-21 13:42 -------- d-----w- c:\users\***\SystemRequirementsLab
2013-07-21 13:32 . 2013-07-21 13:32 -------- d-----w- c:\users\***\AppData\Local\Macromedia
2013-07-21 10:59 . 2013-07-21 10:59 -------- d-----w- c:\program files\7-Zip
2013-07-21 10:22 . 2013-07-21 10:22 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-07-21 10:12 . 2013-07-21 10:12 -------- d-----w- c:\program files (x86)\FinalWire
2013-07-21 10:11 . 2013-07-21 10:11 -------- d-----w- c:\program files\CCleaner
2013-07-21 10:10 . 2013-07-21 10:10 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-07-21 10:10 . 2013-07-21 10:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-21 10:10 . 2013-07-21 10:10 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 10:10 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-21 10:04 . 2013-07-21 10:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-21 10:04 . 2013-07-21 10:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-21 09:55 . 2013-07-21 09:56 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-21 09:55 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-07-21 09:55 . 2013-07-21 09:56 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-21 09:55 . 2013-07-21 09:56 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-21 09:55 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-21 09:55 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-21 09:55 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-07-21 09:55 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-21 09:55 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-21 09:55 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-07-21 09:55 . 2013-07-21 09:55 -------- d-----w- c:\program files\AVAST Software
2013-07-21 09:55 . 2013-07-21 09:55 -------- d-----w- c:\programdata\AVAST Software
2013-07-21 09:48 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-21 09:48 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-21 09:48 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-21 09:48 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-21 09:48 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-21 09:48 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-21 09:48 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-21 09:40 . 2013-07-21 09:40 -------- d-----w- c:\users\***\AppData\Local\Mozilla
2013-07-21 09:40 . 2013-07-21 09:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-09 10:46 . 2013-06-12 03:08 9552976 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E9C1E97-EA3A-4CED-A8A1-EC742410C484}\mpengine.dll
2013-07-04 13:10 . 2013-07-04 13:12 -------- d-----w- c:\programdata\A86F7BE40715AB180000A86ED37DB398
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 13:32 . 2012-04-17 10:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 13:32 . 2012-04-17 10:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 10:22 . 2012-07-28 17:35 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-07-21 10:22 . 2012-07-28 17:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-07-21 10:04 . 2012-10-02 13:58 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-21 10:04 . 2012-04-17 10:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:41 . 2011-11-08 11:28 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-15 20:15 . 2012-09-02 17:13 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-15 20:15 . 2012-09-02 17:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-13 05:51 . 2013-06-12 12:59 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:59 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:59 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:59 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:59 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:59 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:59 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:59 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:59 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 12:59 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 12:59 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 12:59 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 17:08 . 2013-04-30 17:08 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 17:08 . 2013-04-30 17:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 17:08 . 2013-04-30 17:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 17:08 . 2013-04-30 17:08 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 17:08 . 2013-04-30 17:08 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 17:08 . 2013-04-30 17:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 17:08 . 2013-04-30 17:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 17:08 . 2013-04-30 17:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 17:08 . 2013-04-30 17:08 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 17:08 . 2013-04-30 17:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 17:08 . 2013-04-30 17:08 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 17:08 . 2013-04-30 17:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 17:08 . 2013-04-30 17:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 17:08 . 2013-04-30 17:08 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 17:08 . 2013-04-30 17:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 17:08 . 2013-04-30 17:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 17:08 . 2013-04-30 17:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 17:08 . 2013-04-30 17:08 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 17:08 . 2013-04-30 17:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 17:08 . 2013-04-30 17:08 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 17:08 . 2013-04-30 17:08 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 17:08 . 2013-04-30 17:08 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 17:08 . 2013-04-30 17:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 17:08 . 2013-04-30 17:08 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 17:08 . 2013-04-30 17:08 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 17:08 . 2013-04-30 17:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 17:08 . 2013-04-30 17:08 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 17:08 . 2013-04-30 17:08 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 17:08 . 2013-04-30 17:08 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 17:08 . 2013-04-30 17:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 17:08 . 2013-04-30 17:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 17:08 . 2013-04-30 17:08 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 17:08 . 2013-04-30 17:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 17:08 . 2013-04-30 17:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 17:08 . 2013-04-30 17:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 17:08 . 2013-04-30 17:08 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 17:08 . 2013-04-30 17:08 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 17:08 . 2013-04-30 17:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 17:08 . 2013-04-30 17:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 17:08 . 2013-04-30 17:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 17:08 . 2013-04-30 17:08 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 17:08 . 2013-04-30 17:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 17:08 . 2013-04-30 17:08 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 17:08 . 2013-04-30 17:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 17:08 . 2013-04-30 17:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 17:08 . 2013-04-30 17:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 17:08 . 2013-04-30 17:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 17:08 . 2013-04-30 17:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 17:08 . 2013-04-30 17:08 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 12:59 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 12:59 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 12:59 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Server4PC.lnk - c:\program files (x86)\TechniSat DVB\bin\Server4PC.exe [2012-1-26 309848]
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe -s [2012-4-18 1572864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SKYNETU2C;TechniSat DVB-PC TV Star USB HD;c:\windows\system32\DRIVERS\SkyNetU2C_AMD64.SYS;c:\windows\SYSNATIVE\DRIVERS\SkyNetU2C_AMD64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 13:32]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 19:38]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 19:38]
.
2013-07-21 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-07-21 11:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-21 11:43; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-07-21 11:55; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2012-03-11 19:20; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-38236766.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-21 22:53:09
ComboFix-quarantined-files.txt 2013-07-21 20:53
.
Vor Suchlauf: 11 Verzeichnis(se), 40.604.184.576 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 42.201.767.936 Bytes frei
.
- - End Of File - - A396BD8D5B9ADC6AE0F97671ECD7A070
A36C5E4F47E84449FF07ED3517B43A31
keep_smile |
|
22.07.2013, 08:59
| #6 |
| /// the machine /// TB-Ausbilder | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden |
|
22.07.2013, 12:30
| #7 |
| | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Hallo schrauber, hier die Logs. AdwCleaner.txt Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 12:49:41 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [929 octets] - [21/07/2013 13:14:32]
AdwCleaner[S1].txt - [1409 octets] - [21/07/2013 12:46:09]
AdwCleaner[S2].txt - [859 octets] - [22/07/2013 12:49:41]
########## EOF - C:\AdwCleaner[S2].txt - [918 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.0 (07.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 22.07.2013 at 12:55:15,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47D354BB-583D-49D0-B585-A1E525362CF4}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\i0ekc3bw.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2013 at 12:58:39,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by *** (administrator) on 22-07-2013 13:25:44
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Edimax Technology Co., Ltd.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Privat\...\Run: [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2353900W05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\Privat\...\Policies\system: [DisableLockWorkstation] 0
HKU\UpdatusUser\...\Run: [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2353900W05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\UpdatusUser\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd.)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
==================== Drivers (Whitelisted) ====================
S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [52440 2012-12-26] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 SKYNETU2C; C:\Windows\System32\DRIVERS\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 13:23 - 2013-07-22 13:23 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 13:21 - 2013-07-22 12:49 - 00000986 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 12:58 - 2013-07-22 12:58 - 00000911 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 12:55 - 2013-07-22 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 12:49 - 2013-07-22 12:49 - 00000986 _____ C:\AdwCleaner[S1].txt
2013-07-22 12:48 - 2013-07-22 12:48 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 12:46 - 2013-07-22 12:46 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 08:46 - 2013-03-06 13:44 - 00000000 ____D C:\Users\***\Downloads\Driver
2013-07-22 08:46 - 2012-11-30 21:06 - 00000230 _____ C:\Users\***\Downloads\Station Drivers ici tous les drivers nouveaux & anciens.url
2013-07-22 08:46 - 2012-11-14 12:39 - 04311241 _____ (Asmedia Technology) C:\Users\***\Downloads\setup.exe
2013-07-22 08:46 - 2012-11-08 13:41 - 00418632 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2013-07-22 08:46 - 2012-11-08 13:41 - 00139592 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys
2013-07-22 08:46 - 2012-10-31 15:50 - 00006075 _____ C:\Users\***\Downloads\readme.txt
2013-07-22 08:45 - 2013-07-22 08:45 - 04520807 _____ (Igor Pavlov) C:\Users\***\Downloads\asmedia_usb3_11.6.4WHQL(www.station-drivers.com).exe
2013-07-22 08:27 - 2013-07-22 08:27 - 00000000 ____D C:\Users\***\Downloads\HD
2013-07-22 08:27 - 2013-05-28 22:37 - 03432776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-07-22 08:27 - 2013-05-28 17:27 - 00581517 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-07-22 08:27 - 2013-05-27 18:37 - 25625088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-07-22 08:27 - 2013-05-27 16:37 - 04820248 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-07-22 08:27 - 2013-05-27 16:34 - 00748888 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-07-22 08:27 - 2013-05-26 23:24 - 05459436 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-07-22 08:27 - 2013-05-24 17:40 - 00142408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-07-22 08:27 - 2013-05-22 11:24 - 03744328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-07-22 08:27 - 2013-05-20 16:16 - 01003592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-07-22 08:27 - 2013-05-20 14:36 - 02794056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-07-22 08:27 - 2013-05-02 12:01 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-07-22 08:27 - 2013-05-02 12:01 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-07-22 08:27 - 2013-05-02 12:00 - 00920320 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-22 08:27 - 2013-04-30 14:28 - 00916016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-07-22 08:27 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-07-22 08:27 - 2013-04-23 00:40 - 02735648 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-07-22 08:27 - 2013-04-18 13:49 - 14035712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-07-22 08:27 - 2013-04-18 13:48 - 03138304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2013-07-22 08:27 - 2013-04-18 13:48 - 01903872 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00834328 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00635160 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00528152 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00215320 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-07-22 08:27 - 2013-04-15 11:19 - 00722688 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-07-22 08:27 - 2013-04-08 17:37 - 00148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-07-22 08:27 - 2013-04-08 17:36 - 00858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-07-22 08:27 - 2013-04-08 17:36 - 00569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-07-22 08:27 - 2013-04-03 22:02 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-07-22 08:27 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-07-22 08:25 - 2013-07-22 08:26 - 184018840 _____ C:\Users\***\Downloads\realtek_hd_audio.zip
2013-07-22 08:19 - 2013-07-22 08:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-22 08:19 - 2013-07-22 08:19 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 08:19 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-07-22 08:19 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-07-22 08:19 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-07-22 08:19 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-07-22 08:18 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-07-22 08:18 - 2013-03-20 13:17 - 09123608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-07-22 08:18 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-07-22 08:18 - 2012-12-12 11:17 - 00395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-07-22 08:18 - 2012-09-10 20:06 - 00612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-07-22 08:18 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-07-22 08:18 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-07-22 08:18 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-07-22 08:18 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-07-22 08:18 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-07-22 08:18 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-07-22 08:18 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-07-22 08:18 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-07-22 08:18 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-07-22 08:18 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-07-22 08:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-07-22 08:13 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-07-22 08:13 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-07-22 08:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-07-22 08:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-07-22 08:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-07-22 08:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-07-22 08:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-07-22 08:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-07-22 08:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-07-22 08:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-07-22 08:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-07-22 08:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-07-22 08:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-07-22 08:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-07-22 08:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-07-22 08:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-07-22 08:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-07-22 08:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-07-22 08:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-07-22 08:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-07-22 08:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-07-22 08:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-07-22 08:12 - 2013-07-22 08:13 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-22 08:11 - 2013-07-22 08:13 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-22 08:11 - 2013-07-22 08:11 - 00292184 _____ (Microsoft Corporation) C:\Users\***\Downloads\dxwebsetup.exe
2013-07-22 08:10 - 2013-07-22 08:13 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\***\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-07-22 08:09 - 2013-07-22 08:09 - 00869654 _____ C:\Users\***\Downloads\Driver_Win7_7072_05222013.zip
2013-07-22 07:59 - 2013-04-10 05:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-07-22 07:50 - 2013-04-01 14:06 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-07-22 07:48 - 2013-07-22 07:59 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-22 07:39 - 2013-07-22 07:39 - 00000000 ____D C:\Program Files (x86)\ASM106xSATA
2013-07-22 07:38 - 2013-07-22 07:38 - 03235565 _____ C:\Users\***\Downloads\asm_sata3_1.4.1.0.zip
2013-07-22 07:30 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\acpimof.dll
2013-07-22 07:29 - 2013-07-22 07:29 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 23:16 - 2013-07-21 23:16 - 00000000 ____D C:\Users\***\Downloads\p95v279.win64
2013-07-21 22:53 - 2013-07-21 22:53 - 00024674 _____ C:\ComboFix.txt
2013-07-21 22:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-21 22:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-21 22:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-21 22:47 - 2013-07-21 22:53 - 00000000 ____D C:\Qoobox
2013-07-21 22:47 - 2013-07-21 22:53 - 00000000 ____D C:\ComboFix
2013-07-21 22:47 - 2013-07-21 22:52 - 00000000 ____D C:\Windows\erdnt
2013-07-21 22:45 - 2013-07-21 22:45 - 05093416 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-21 15:49 - 2013-07-21 15:49 - 00021648 _____ C:\Users\***\Desktop\Addition.txt
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:45 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:55 - 2013-07-22 08:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-21 11:55 - 2013-07-21 11:56 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:55 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-21 11:55 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-21 11:55 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:50 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 11:50 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 11:50 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 11:50 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:48 - 2013-07-21 11:49 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-21 11:48 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-21 11:48 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-21 11:48 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-21 11:48 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-21 11:45 - 2013-07-21 11:48 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:45 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 11:45 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 11:45 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 11:45 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 11:45 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 11:45 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 11:40 - 2013-07-21 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-04 22:22 - 2013-07-22 08:33 - 00000000 ____D C:\Users\***\Downloads\asm_sata3_1.4.1.0
2013-07-04 22:22 - 2012-12-26 19:27 - 00052440 _____ (Asmedia Technology) C:\Windows\system32\Drivers\asahci64.sys
2013-07-04 22:22 - 2012-09-03 17:04 - 00041984 _____ (Asmedia Technology) C:\Windows\system32\ahcipp64.dll
2013-07-04 15:10 - 2013-07-04 15:12 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:13 - 2013-06-26 20:14 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
==================== One Month Modified Files and Folders =======
2013-07-22 13:23 - 2013-07-22 13:23 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 13:01 - 2012-09-27 16:55 - 00000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-07-22 12:58 - 2013-07-22 12:58 - 00000911 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 12:55 - 2013-07-22 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 12:53 - 2013-03-15 21:38 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 12:53 - 2013-03-15 21:38 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 12:50 - 2012-01-23 15:12 - 01637893 _____ C:\Windows\WindowsUpdate.log
2013-07-22 12:50 - 2011-11-28 09:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-22 12:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 12:50 - 2009-07-14 06:51 - 00127899 _____ C:\Windows\setupact.log
2013-07-22 12:50 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 12:50 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 12:49 - 2013-07-22 13:21 - 00000986 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 12:49 - 2013-07-22 12:49 - 00000986 _____ C:\AdwCleaner[S1].txt
2013-07-22 12:48 - 2013-07-22 12:48 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 12:46 - 2013-07-22 12:46 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 08:45 - 2013-07-22 08:45 - 04520807 _____ (Igor Pavlov) C:\Users\***\Downloads\asmedia_usb3_11.6.4WHQL(www.station-drivers.com).exe
2013-07-22 08:41 - 2012-04-17 12:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 08:33 - 2013-07-04 22:22 - 00000000 ____D C:\Users\***\Downloads\asm_sata3_1.4.1.0
2013-07-22 08:30 - 2013-07-21 11:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 08:27 - 2013-07-22 08:27 - 00000000 ____D C:\Users\***\Downloads\HD
2013-07-22 08:27 - 2013-07-22 08:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-22 08:26 - 2013-07-22 08:25 - 184018840 _____ C:\Users\***\Downloads\realtek_hd_audio.zip
2013-07-22 08:19 - 2013-07-22 08:19 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 08:18 - 2010-11-21 05:47 - 00144382 _____ C:\Windows\PFRO.log
2013-07-22 08:13 - 2013-07-22 08:12 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-22 08:13 - 2013-07-22 08:11 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-22 08:13 - 2013-07-22 08:10 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\***\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-07-22 08:13 - 2011-11-08 12:44 - 00361047 _____ C:\Windows\DirectX.log
2013-07-22 08:11 - 2013-07-22 08:11 - 00292184 _____ (Microsoft Corporation) C:\Users\***\Downloads\dxwebsetup.exe
2013-07-22 08:10 - 2013-05-22 05:13 - 00000000 ____D C:\Users\***\Downloads\Driver_Win7_7072_05222013
2013-07-22 08:09 - 2013-07-22 08:09 - 00869654 _____ C:\Users\***\Downloads\Driver_Win7_7072_05222013.zip
2013-07-22 08:03 - 2012-07-20 20:14 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-07-22 07:59 - 2013-07-22 07:48 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-22 07:59 - 2011-11-28 09:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-22 07:44 - 2012-04-01 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\SoftGrid Client
2013-07-22 07:39 - 2013-07-22 07:39 - 00000000 ____D C:\Program Files (x86)\ASM106xSATA
2013-07-22 07:39 - 2011-11-14 13:18 - 00012790 _____ C:\Windows\DPINST.LOG
2013-07-22 07:38 - 2013-07-22 07:38 - 03235565 _____ C:\Users\***\Downloads\asm_sata3_1.4.1.0.zip
2013-07-22 07:29 - 2013-07-22 07:29 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 23:16 - 2013-07-21 23:16 - 00000000 ____D C:\Users\***\Downloads\p95v279.win64
2013-07-21 22:53 - 2013-07-21 22:53 - 00024674 _____ C:\ComboFix.txt
2013-07-21 22:53 - 2013-07-21 22:47 - 00000000 ____D C:\Qoobox
2013-07-21 22:53 - 2013-07-21 22:47 - 00000000 ____D C:\ComboFix
2013-07-21 22:52 - 2013-07-21 22:47 - 00000000 ____D C:\Windows\erdnt
2013-07-21 22:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-21 22:45 - 2013-07-21 22:45 - 05093416 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-21 15:49 - 2013-07-21 15:49 - 00021648 _____ C:\Users\***\Desktop\Addition.txt
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:42 - 2012-01-23 15:12 - 00000000 ____D C:\Users\***
2013-07-21 15:35 - 2010-11-21 08:50 - 03897460 _____ C:\Windows\system32\perfh007.dat
2013-07-21 15:35 - 2010-11-21 08:50 - 01137722 _____ C:\Windows\system32\perfc007.dat
2013-07-21 15:35 - 2009-07-14 07:13 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:32 - 2012-04-17 12:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 15:32 - 2012-04-17 12:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 15:32 - 2012-04-17 12:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 15:23 - 2011-11-28 09:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 14:08 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:12 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:07 - 2012-03-23 15:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-21 12:07 - 2012-03-23 15:26 - 00000000 ____D C:\ProgramData\Adobe
2013-07-21 12:06 - 2012-03-23 15:38 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Adobe
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:04 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 12:04 - 2012-10-02 15:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 12:04 - 2012-10-02 15:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 12:04 - 2012-04-17 12:24 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:56 - 2013-07-21 11:55 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:49 - 2013-07-21 11:48 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2013-07-21 11:45 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:48 - 2013-03-15 21:38 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-21 11:48 - 2013-03-15 21:38 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:35 - 2012-02-29 19:32 - 520651347 _____ C:\Windows\MEMORY.DMP
2013-07-21 11:35 - 2012-02-29 19:32 - 00000000 ____D C:\Windows\Minidump
2013-07-21 11:21 - 2012-03-11 20:19 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 11:21 - 2012-03-11 20:17 - 00002632 _____ C:\ProgramData\hpzinstall.log
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-09 13:26 - 2013-01-07 16:29 - 00000000 ____D C:\Users\***\Documents\German Truck Simulator
2013-07-09 13:17 - 2013-04-12 21:57 - 00000000 ____D C:\Users\***\Documents\Trucks & Trailers
2013-07-04 15:12 - 2013-07-04 15:10 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:14 - 2013-06-26 20:13 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
2013-06-25 18:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-24 00:57 - 2011-11-08 13:28 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-22 13:13
==================== End Of Log ============================
Grüße keep_smile |
|
22.07.2013, 13:56
| #8 |
| /// the machine /// TB-Ausbilder | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefundenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.07.2013, 19:21
| #9 |
| | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden So, hat bisschen gedauert, aber hier die Logs. ESET hat ein Java Exploid gefunden und SecurityCheck wurde mit der Meldung "unsupported operating system" beendet (kein Log). ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=32b42725720a804693aea8f74ad6e8fe
# engine=14491
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-22 06:00:20
# local_time=2013-07-22 08:00:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 115460 151225892 0 0
# compatibility_mode=5893 16776573 100 94 25174 126145870 0 0
# scanned=216653
# found=1
# cleaned=0
# scan_time=17228
sh=4656596F795E025D4460E663FEB2950A8AF500E7 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OMX trojan" ac=I fn="C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\312a1db-6c59bb80"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by *** (administrator) on 22-07-2013 20:14:07
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Edimax Technology Co., Ltd.) C:\Program Files (x86)\Edimax\Common\RaUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Privat\...\Run: [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2353900W05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\Privat\...\Policies\system: [DisableLockWorkstation] 0
HKU\UpdatusUser\...\Run: [HP Photosmart 5510 series (NET)] - "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2353900W05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\UpdatusUser\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd.)
Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i0ekc3bw.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [52440 2012-12-26] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 SKYNETU2C; C:\Windows\System32\DRIVERS\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 20:10 - 2013-07-22 20:10 - 00891062 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-22 15:11 - 2013-07-22 15:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-22 15:10 - 2013-07-22 15:10 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-07-22 15:06 - 2013-07-22 15:06 - 00000497 _____ C:\Users\***\Downloads\Bestellung Eric.txt
2013-07-22 13:51 - 2013-07-22 13:53 - 229594432 _____ (NVIDIA Corporation) C:\Users\***\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-07-22 13:49 - 2013-07-22 13:49 - 00000000 ____D C:\Windows\Sun
2013-07-22 13:23 - 2013-07-22 13:23 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 13:21 - 2013-07-22 12:49 - 00000986 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 12:58 - 2013-07-22 12:58 - 00000911 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 12:55 - 2013-07-22 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 12:49 - 2013-07-22 12:49 - 00000986 _____ C:\AdwCleaner[S1].txt
2013-07-22 12:48 - 2013-07-22 12:48 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 12:46 - 2013-07-22 12:46 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 08:46 - 2013-03-06 13:44 - 00000000 ____D C:\Users\***\Downloads\Driver
2013-07-22 08:46 - 2012-11-30 21:06 - 00000230 _____ C:\Users\***\Downloads\Station Drivers ici tous les drivers nouveaux & anciens.url
2013-07-22 08:46 - 2012-11-14 12:39 - 04311241 _____ (Asmedia Technology) C:\Users\***\Downloads\setup.exe
2013-07-22 08:46 - 2012-11-08 13:41 - 00418632 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2013-07-22 08:46 - 2012-11-08 13:41 - 00139592 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys
2013-07-22 08:46 - 2012-10-31 15:50 - 00006075 _____ C:\Users\***\Downloads\readme.txt
2013-07-22 08:45 - 2013-07-22 08:45 - 04520807 _____ (Igor Pavlov) C:\Users\***\Downloads\asmedia_usb3_11.6.4WHQL(www.station-drivers.com).exe
2013-07-22 08:27 - 2013-07-22 08:27 - 00000000 ____D C:\Users\***\Downloads\HD
2013-07-22 08:27 - 2013-05-28 22:37 - 03432776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-07-22 08:27 - 2013-05-28 17:27 - 00581517 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-07-22 08:27 - 2013-05-27 18:37 - 25625088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-07-22 08:27 - 2013-05-27 16:37 - 04820248 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-07-22 08:27 - 2013-05-27 16:34 - 00748888 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-07-22 08:27 - 2013-05-26 23:24 - 05459436 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-07-22 08:27 - 2013-05-24 17:40 - 00142408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-07-22 08:27 - 2013-05-22 11:24 - 03744328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-07-22 08:27 - 2013-05-20 16:16 - 01003592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-07-22 08:27 - 2013-05-20 14:36 - 02794056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-07-22 08:27 - 2013-05-02 12:01 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-07-22 08:27 - 2013-05-02 12:01 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-07-22 08:27 - 2013-05-02 12:00 - 00920320 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-07-22 08:27 - 2013-04-30 14:28 - 00916016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-07-22 08:27 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-07-22 08:27 - 2013-04-23 00:40 - 02735648 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-07-22 08:27 - 2013-04-18 13:49 - 14035712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-07-22 08:27 - 2013-04-18 13:48 - 03138304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2013-07-22 08:27 - 2013-04-18 13:48 - 01903872 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00834328 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00635160 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00528152 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo64.dll
2013-07-22 08:27 - 2013-04-16 06:23 - 00215320 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-07-22 08:27 - 2013-04-15 11:19 - 00722688 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-07-22 08:27 - 2013-04-08 17:37 - 00148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-07-22 08:27 - 2013-04-08 17:36 - 00858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-07-22 08:27 - 2013-04-08 17:36 - 00569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-07-22 08:27 - 2013-04-03 22:02 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-07-22 08:27 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-07-22 08:25 - 2013-07-22 08:26 - 184018840 _____ C:\Users\***\Downloads\realtek_hd_audio.zip
2013-07-22 08:19 - 2013-07-22 08:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-22 08:19 - 2013-07-22 08:19 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 08:19 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-07-22 08:19 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-07-22 08:19 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-07-22 08:19 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-07-22 08:19 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-07-22 08:18 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-07-22 08:18 - 2013-03-20 13:17 - 09123608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-07-22 08:18 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-07-22 08:18 - 2012-12-12 11:17 - 00395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-07-22 08:18 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-07-22 08:18 - 2012-09-10 20:06 - 00612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-07-22 08:18 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-07-22 08:18 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-07-22 08:18 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-07-22 08:18 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-07-22 08:18 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-07-22 08:18 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-07-22 08:18 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2013-07-22 08:18 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2013-07-22 08:18 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-07-22 08:18 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-07-22 08:18 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-07-22 08:18 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-07-22 08:18 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-07-22 08:18 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-07-22 08:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-07-22 08:13 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-07-22 08:13 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-07-22 08:13 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-07-22 08:13 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-07-22 08:13 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-07-22 08:13 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-07-22 08:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-07-22 08:13 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-07-22 08:13 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-07-22 08:13 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-07-22 08:13 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-07-22 08:13 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-07-22 08:13 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-07-22 08:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-07-22 08:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-07-22 08:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-07-22 08:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-07-22 08:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-07-22 08:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-07-22 08:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-07-22 08:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-07-22 08:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-07-22 08:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-07-22 08:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-07-22 08:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-07-22 08:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-07-22 08:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-07-22 08:13 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-07-22 08:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-07-22 08:13 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-07-22 08:13 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-07-22 08:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-07-22 08:13 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-07-22 08:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-07-22 08:13 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-07-22 08:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-07-22 08:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-07-22 08:13 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-07-22 08:13 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-07-22 08:13 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-07-22 08:12 - 2013-07-22 08:13 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-22 08:11 - 2013-07-22 08:13 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-22 08:11 - 2013-07-22 08:11 - 00292184 _____ (Microsoft Corporation) C:\Users\***\Downloads\dxwebsetup.exe
2013-07-22 08:10 - 2013-07-22 08:13 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\***\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-07-22 08:09 - 2013-07-22 08:09 - 00869654 _____ C:\Users\***\Downloads\Driver_Win7_7072_05222013.zip
2013-07-22 07:59 - 2013-04-10 05:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-07-22 07:50 - 2013-04-01 14:06 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-07-22 07:48 - 2013-07-22 07:59 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-22 07:39 - 2013-07-22 07:39 - 00000000 ____D C:\Program Files (x86)\ASM106xSATA
2013-07-22 07:38 - 2013-07-22 07:38 - 03235565 _____ C:\Users\***\Downloads\asm_sata3_1.4.1.0.zip
2013-07-22 07:30 - 2012-08-22 10:19 - 00011832 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\acpimof.dll
2013-07-22 07:29 - 2013-07-22 07:29 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 23:16 - 2013-07-21 23:16 - 00000000 ____D C:\Users\***\Downloads\p95v279.win64
2013-07-21 22:53 - 2013-07-21 22:53 - 00024674 _____ C:\ComboFix.txt
2013-07-21 22:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-21 22:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-21 22:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-21 22:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-21 22:47 - 2013-07-21 22:53 - 00000000 ____D C:\Qoobox
2013-07-21 22:47 - 2013-07-21 22:53 - 00000000 ____D C:\ComboFix
2013-07-21 22:47 - 2013-07-21 22:52 - 00000000 ____D C:\Windows\erdnt
2013-07-21 22:45 - 2013-07-21 22:45 - 05093416 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-21 15:49 - 2013-07-21 15:49 - 00021648 _____ C:\Users\***\Desktop\Addition.txt
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:45 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:55 - 2013-07-22 08:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-21 11:55 - 2013-07-21 11:56 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:55 - 2013-07-21 11:56 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:55 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-21 11:55 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-21 11:55 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-21 11:55 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:50 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 11:50 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 11:50 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 11:50 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 11:50 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 11:50 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 11:50 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:48 - 2013-07-21 11:49 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-21 11:48 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-21 11:48 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-21 11:48 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-21 11:48 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-21 11:48 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-21 11:45 - 2013-07-21 11:48 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:45 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-21 11:45 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-21 11:45 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 11:45 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 11:45 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-21 11:45 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 11:40 - 2013-07-21 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-04 22:22 - 2013-07-22 08:33 - 00000000 ____D C:\Users\***\Downloads\asm_sata3_1.4.1.0
2013-07-04 22:22 - 2012-12-26 19:27 - 00052440 _____ (Asmedia Technology) C:\Windows\system32\Drivers\asahci64.sys
2013-07-04 22:22 - 2012-09-03 17:04 - 00041984 _____ (Asmedia Technology) C:\Windows\system32\ahcipp64.dll
2013-07-04 15:10 - 2013-07-04 15:12 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:13 - 2013-06-26 20:14 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
==================== One Month Modified Files and Folders =======
2013-07-22 20:10 - 2013-07-22 20:10 - 00891062 _____ C:\Users\***\Desktop\SecurityCheck.exe
2013-07-22 20:01 - 2012-09-27 16:55 - 00000264 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-07-22 19:53 - 2013-03-15 21:38 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 19:45 - 2012-04-17 12:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 19:45 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 19:45 - 2009-07-14 06:45 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:11 - 2013-07-22 15:11 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-22 15:10 - 2013-07-22 15:10 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2013-07-22 15:06 - 2013-07-22 15:06 - 00000497 _____ C:\Users\***\Downloads\Bestellung Eric.txt
2013-07-22 13:53 - 2013-07-22 13:51 - 229594432 _____ (NVIDIA Corporation) C:\Users\***\Downloads\320.49-desktop-win8-win7-winvista-64bit-international-whql.exe
2013-07-22 13:49 - 2013-07-22 13:49 - 00000000 ____D C:\Windows\Sun
2013-07-22 13:49 - 2011-11-28 09:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-22 13:23 - 2013-07-22 13:23 - 01779363 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-22 12:58 - 2013-07-22 12:58 - 00000911 _____ C:\Users\***\Desktop\JRT.txt
2013-07-22 12:55 - 2013-07-22 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-22 12:53 - 2013-03-15 21:38 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 12:53 - 2012-01-23 15:12 - 01640077 _____ C:\Windows\WindowsUpdate.log
2013-07-22 12:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 12:50 - 2009-07-14 06:51 - 00127899 _____ C:\Windows\setupact.log
2013-07-22 12:49 - 2013-07-22 13:21 - 00000986 _____ C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-22 12:49 - 2013-07-22 12:49 - 00000986 _____ C:\AdwCleaner[S1].txt
2013-07-22 12:48 - 2013-07-22 12:48 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-22 12:46 - 2013-07-22 12:46 - 00666633 _____ C:\Users\***\Desktop\adwcleaner.exe
2013-07-22 08:45 - 2013-07-22 08:45 - 04520807 _____ (Igor Pavlov) C:\Users\***\Downloads\asmedia_usb3_11.6.4WHQL(www.station-drivers.com).exe
2013-07-22 08:33 - 2013-07-04 22:22 - 00000000 ____D C:\Users\***\Downloads\asm_sata3_1.4.1.0
2013-07-22 08:30 - 2013-07-21 11:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 08:27 - 2013-07-22 08:27 - 00000000 ____D C:\Users\***\Downloads\HD
2013-07-22 08:27 - 2013-07-22 08:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-07-22 08:26 - 2013-07-22 08:25 - 184018840 _____ C:\Users\***\Downloads\realtek_hd_audio.zip
2013-07-22 08:19 - 2013-07-22 08:19 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 08:18 - 2010-11-21 05:47 - 00144382 _____ C:\Windows\PFRO.log
2013-07-22 08:13 - 2013-07-22 08:12 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-07-22 08:13 - 2013-07-22 08:11 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-07-22 08:13 - 2013-07-22 08:10 - 81891861 _____ (Realtek Semiconductor Corp.) C:\Users\***\Downloads\64bit_Vista_Win7_Win8_R271.exe
2013-07-22 08:13 - 2011-11-08 12:44 - 00361047 _____ C:\Windows\DirectX.log
2013-07-22 08:11 - 2013-07-22 08:11 - 00292184 _____ (Microsoft Corporation) C:\Users\***\Downloads\dxwebsetup.exe
2013-07-22 08:10 - 2013-05-22 05:13 - 00000000 ____D C:\Users\***\Downloads\Driver_Win7_7072_05222013
2013-07-22 08:09 - 2013-07-22 08:09 - 00869654 _____ C:\Users\***\Downloads\Driver_Win7_7072_05222013.zip
2013-07-22 08:03 - 2012-07-20 20:14 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-07-22 07:59 - 2013-07-22 07:48 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-22 07:59 - 2011-11-28 09:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-22 07:44 - 2012-04-01 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\SoftGrid Client
2013-07-22 07:39 - 2013-07-22 07:39 - 00000000 ____D C:\Program Files (x86)\ASM106xSATA
2013-07-22 07:39 - 2011-11-14 13:18 - 00012790 _____ C:\Windows\DPINST.LOG
2013-07-22 07:38 - 2013-07-22 07:38 - 03235565 _____ C:\Users\***\Downloads\asm_sata3_1.4.1.0.zip
2013-07-22 07:29 - 2013-07-22 07:29 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 23:16 - 2013-07-21 23:16 - 00000000 ____D C:\Users\***\Downloads\p95v279.win64
2013-07-21 22:53 - 2013-07-21 22:53 - 00024674 _____ C:\ComboFix.txt
2013-07-21 22:53 - 2013-07-21 22:47 - 00000000 ____D C:\Qoobox
2013-07-21 22:53 - 2013-07-21 22:47 - 00000000 ____D C:\ComboFix
2013-07-21 22:52 - 2013-07-21 22:47 - 00000000 ____D C:\Windows\erdnt
2013-07-21 22:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-21 22:45 - 2013-07-21 22:45 - 05093416 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2013-07-21 15:49 - 2013-07-21 15:49 - 00021648 _____ C:\Users\***\Desktop\Addition.txt
2013-07-21 15:49 - 2013-07-21 15:49 - 00000000 ____D C:\FRST
2013-07-21 15:45 - 2013-07-21 15:45 - 05881080 _____ (Intel Corporation) C:\Users\***\Downloads\infinst_autol.exe
2013-07-21 15:45 - 2013-07-21 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Users\***\SystemRequirementsLab
2013-07-21 15:42 - 2013-07-21 15:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-21 15:42 - 2012-01-23 15:12 - 00000000 ____D C:\Users\***
2013-07-21 15:35 - 2010-11-21 08:50 - 03897460 _____ C:\Windows\system32\perfh007.dat
2013-07-21 15:35 - 2010-11-21 08:50 - 01137722 _____ C:\Windows\system32\perfc007.dat
2013-07-21 15:35 - 2009-07-14 07:13 - 00005430 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 15:32 - 2013-07-21 15:32 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Macromedia
2013-07-21 15:32 - 2012-04-17 12:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 15:32 - 2012-04-17 12:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 15:32 - 2012-04-17 12:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 15:23 - 2011-11-28 09:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-21 15:17 - 2013-07-21 15:17 - 00000072 _____ C:\3EDC4RFV.dat
2013-07-21 15:13 - 2013-07-21 15:13 - 06003527 _____ C:\Users\***\Downloads\7740v23.zip
2013-07-21 14:08 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-21 13:56 - 2013-07-21 13:56 - 00377856 _____ C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-07-21 13:51 - 2013-07-21 13:51 - 00078662 _____ C:\Users\***\Desktop\Extras.Txt
2013-07-21 13:50 - 2013-07-21 13:50 - 00073884 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-21 13:38 - 2013-07-21 13:38 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-21 13:37 - 2013-07-21 13:37 - 00000480 _____ C:\Users\***\Desktop\defogger_disable.log
2013-07-21 13:37 - 2013-07-21 13:37 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-21 13:36 - 2013-07-21 13:36 - 00050477 _____ C:\Users\***\Desktop\Defogger.exe
2013-07-21 12:59 - 2013-07-21 12:59 - 01376768 _____ C:\Users\***\Downloads\7z920-x64.msi
2013-07-21 12:59 - 2013-07-21 12:59 - 00000000 ____D C:\Program Files\7-Zip
2013-07-21 12:45 - 2013-07-21 12:45 - 00666633 _____ C:\Users\***\Downloads\adwcleaner06.exe
2013-07-21 12:12 - 2013-07-21 12:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2013-07-21 12:12 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 12:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-21 12:11 - 2013-07-21 12:11 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-21 12:11 - 2013-07-21 12:11 - 00000000 ____D C:\Program Files\CCleaner
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 12:10 - 2013-07-21 12:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 12:07 - 2012-03-23 15:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-21 12:07 - 2012-03-23 15:26 - 00000000 ____D C:\ProgramData\Adobe
2013-07-21 12:06 - 2012-03-23 15:38 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Adobe
2013-07-21 12:04 - 2013-07-21 12:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-21 12:04 - 2013-07-21 12:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-21 12:04 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-21 12:04 - 2012-10-02 15:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-21 12:04 - 2012-10-02 15:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-21 12:04 - 2012-04-17 12:24 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-21 12:02 - 2013-07-21 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-21 11:56 - 2013-07-21 11:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-21 11:56 - 2013-07-21 11:55 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-21 11:56 - 2013-07-21 11:55 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-21 11:55 - 2013-07-21 11:55 - 00001928 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-21 11:55 - 2013-07-21 11:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-21 11:52 - 2013-07-21 11:52 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-21 11:50 - 2013-07-21 11:50 - 04396440 _____ (Piriform Ltd) C:\Users\***\Downloads\ccsetup403.exe
2013-07-21 11:49 - 2013-07-21 11:49 - 15199352 _____ (FinalWire Ltd. ) C:\Users\***\Downloads\aida64extreme300.exe
2013-07-21 11:49 - 2013-07-21 11:48 - 117478104 _____ C:\Users\***\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-07-21 11:48 - 2013-07-21 11:45 - 00000002 _____ C:\AvastSetup.log
2013-07-21 11:48 - 2013-03-15 21:38 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-21 11:48 - 2013-03-15 21:38 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-21 11:40 - 2013-07-21 11:40 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\***\AppData\Roaming\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Users\HOLZHA~1\AppData\Local\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-21 11:40 - 2013-07-21 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-21 11:37 - 2013-07-21 11:37 - 00280368 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup Stub 22.0.exe
2013-07-21 11:35 - 2013-07-21 11:35 - 00293328 _____ C:\Windows\Minidump\072113-8907-01.dmp
2013-07-21 11:35 - 2012-02-29 19:32 - 520651347 _____ C:\Windows\MEMORY.DMP
2013-07-21 11:35 - 2012-02-29 19:32 - 00000000 ____D C:\Windows\Minidump
2013-07-21 11:21 - 2012-03-11 20:19 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-21 11:21 - 2012-03-11 20:17 - 00002632 _____ C:\ProgramData\hpzinstall.log
2013-07-21 11:14 - 2013-07-21 11:14 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2013-07-09 13:26 - 2013-01-07 16:29 - 00000000 ____D C:\Users\***\Documents\German Truck Simulator
2013-07-09 13:17 - 2013-04-12 21:57 - 00000000 ____D C:\Users\***\Documents\Trucks & Trailers
2013-07-04 15:12 - 2013-07-04 15:10 - 00000000 ____D C:\ProgramData\A86F7BE40715AB180000A86ED37DB398
2013-06-26 20:14 - 2013-06-26 20:13 - 00000000 ____D C:\Users\***\Documents\Probleme (Lichtenhain)
2013-06-25 18:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-24 00:57 - 2011-11-08 13:28 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-22 13:13
==================== End Of Log ============================
Probleme sind mir bis jetzt keine weiter aufgefallen. Aber ich möchte mich schonmal für Deine bisherige Hilfe bedanken.  Hoffe wir bekommen den Rechner wieder halbwegs sauber. Grüße keep_smile |
|
22.07.2013, 20:30
| #10 |
| /// the machine /// TB-Ausbilder | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Der is schon sauber, der eine Fund ist nur in den temps Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.07.2013, 07:20
| #11 |
| | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Guten Morgen schrauber, ich habe jetzt die letzten Schritte erledigt. Danke für Deine Empfehlungen zum sicheren surfen. Ich werde das an meine Bekannten weiter geben und es mit ihnen besprechen, wenn ich den Rechner wieder hinschaffe. Hoffe damit ist jetzt alles erledigt und der Rechner wieder fit. Ein riesen an dich für deine Hilfe und ein großes Lob für die Arbeit die ihr hier leistet.  DANKE!Grüße keep_smile  |
|
23.07.2013, 09:41
| #12 |
| /// the machine /// TB-Ausbilder | Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden |
| antivirus, entfernen, error, firefox, flash player, format, helper, iexplore.exe, install.exe, microsoft office starter 2010, mozilla, obfuscator.qg, plug-in, problem, pws:win32/zbot.gen!am, realtek, richtlinie, rootkit.tdss, rundll, security, software, svchost.exe, system, trojan.agent.rf, win32/zbot.gen!am, windows |
Linear-Darstellung
