| Pests of all kinds and how to fight them: Ungültiges Bild ("Bad Image") - Win7 | Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
30.07.2013, 13:15 | #1 |
| Ungültiges Bild - Win7 Hello, I have a little brother who likes to play games on the PC and who keeps downloading new things even when I forbid it. I haven't been watching for quite a while now .... With almost every program I try to open, I get the error message: xxxxxx- Ungültiges Bild C:\Windows\system32\nsp9pfbl.dll ist entweder nicht für die Ausführung unter Windows vorgesehn oder enthält einen Fehler ...... I have read this thread about cracks etc., but I really don't know whether something like that is on here :/ Hoping for help. PS: I don't know my way around PCs very well, so please don't talk in too cryptic a way. Regards, stevo |
30.07.2013, 13:34 | #2 |
/// the machine /// TB trainer | Ungültiges Bild - Win7 hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
30.07.2013, 21:13 | #3 |
| Ungültiges Bild - Win7 Frst.txt:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by 1487204 (administrator) on 30-07-2013 22:05:14 Running from C:\Users\1487204\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Trend Micro Inc.) 
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [SCheck] - C:\Users\1487204\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [SSync] - C:\Users\1487204\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [DataMgr] - C:\Users\1487204\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.) HKCU\...\Run: [Intermediate] - C:\Users\1487204\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () HKCU\...\RunOnce: [Application Restart #0] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-sync-favicons --enable-full-history-sync --sync-keystore-encryption --flag-switches-end --restore-last-session hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 [846288 2013-07-12] (Google Inc.) 
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKU\Gast\...\Run: [Exetender] - C:\Program Files (x86)\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) HKU\Gast\...\Winlogon: [Shell] explorer.exe <==== ATTENTION AppInit_DLLs-x32: c:\progra~2\search~2\datamngr\mgrldr.dll c:\windows\syswow64\nvinit.dll [4936152 2012-12-04] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=4456503 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=4456503 SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5051805130804948&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=4456503 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=aolde-ie&s_qt=sb&tb_uuid=B5F34C4E3C6F402C9E30EAEC6AF75503&tb_oid=09-05-2013&tb_mrud=09-05-2013 SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=4456503 SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=343&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5051805130804948&q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=0 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.piccshare.com/search.php?channel=sfde306&q={searchTerms} BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM-x32 {21CEC2FC-24FA-4EEB-A043-3CC248060880} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: msdaipp - No CLSID Value - Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) 
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 10 C:\Windows\system32\nsp9pfbl.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1487204\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1487204\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: m2k - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi FF Extension: No Name - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files 
(x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.) R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] S2 Dnscache; %SystemRoot%\System32\pouau9wjp.dll [x] R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x] ==================== Drivers (Whitelisted) ==================== S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [20480 2009-05-12] (Danish Wireless Design A/S) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-09] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-09] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-17] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-09] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-09] (G Data Software AG) R0 kbdsim; C:\Windows\System32\drivers\kbdsim.sys [31872 2013-05-01] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 ManyCam; 
C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC) R0 mousim; C:\Windows\System32\drivers\mousim.sys [31872 2013-05-01] () S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.) R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.) R2 X5XSEx_Pr143; C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.) 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 22:03 - 2013-07-30 22:03 - 00000000 ____D C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 07:29 - 2013-07-30 07:30 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:49 - 2013-07-26 12:50 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-25 23:11 - 2013-07-25 23:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 
____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 2013-07-26 12:42 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 22:17 - 2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:41 - 2013-07-19 14:42 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:17 - 2013-07-19 14:25 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00298024 _____ (StarApp) C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip.exe 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:11 - 2013-07-19 13:12 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-07-30 07:28 - 
00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:24 - 2013-07-19 12:25 - 03469871 _____ (LIGHTNING UK!) C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-17 15:53 - 2013-07-17 16:40 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 14:55 - 2013-07-17 15:52 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-14 07:48 - 2013-07-14 08:07 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 14:22 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 14:22 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2013-07-12 14:22 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 14:22 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 14:22 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 14:22 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-12 14:22 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-12 14:22 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 14:22 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 14:22 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 14:22 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 14:22 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-12 
14:22 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 14:22 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-12 14:22 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 16:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 16:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 16:56 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:56 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 16:56 - 2013-04-03 00:51 - 01643520 _____ 
(Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\DataMgr 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Common 2013-07-10 20:02 - 2013-07-10 20:02 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5600.dll 2013-07-10 20:01 - 2013-07-10 20:02 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 19:57 - 2013-07-10 19:57 - 00393080 _____ (Softonic ) C:\Users\1487204\Downloads\SoftonicDownloader_fuer_pivot-stickfigure-animator.exe 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-09 14:22 - 2013-07-09 14:26 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 08:48 - 2013-07-07 08:48 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 
01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:50 - 2013-07-06 13:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-03 14:12 - 2013-07-03 14:24 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:07 - 2013-07-06 13:29 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-03 13:15 - 2013-07-30 07:28 - 00165764 _____ C:\Windows\PFRO.log 2013-07-03 13:15 - 2013-07-30 07:28 - 00001736 _____ C:\Windows\setupact.log 2013-07-03 13:15 - 2013-07-12 21:09 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-03 13:15 - 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:20 - 2013-07-13 07:24 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:52 - 2013-07-25 08:06 - 00000000 ____D C:\ProgramData\eSafe 2013-07-03 11:52 - 2013-07-07 11:48 - 00000000 ____D C:\ProgramData\BasicServe 2013-07-03 11:52 - 2013-07-03 11:52 - 00000000 ____D C:\Program Files (x86)\BasicServe 2013-07-03 11:51 - 2013-07-03 11:51 - 00000000 ____D C:\Users\1487204\AppData\Roaming\eIntaller 2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe 2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 
_____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe 147 ==================== One Month Modified Files and Folders ======= 2013-07-30 22:04 - 2013-07-30 22:04 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64.exe 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 22:03 - 2013-07-30 22:03 - 00000000 ____D C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 21:51 - 2011-12-09 21:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-30 14:32 - 2013-03-13 16:46 - 00000000 ____D C:\Users\1487204\Desktop\Spiele 2013-07-30 14:13 - 2011-12-09 21:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-30 07:36 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-30 07:36 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-30 07:30 - 2013-07-30 07:29 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-30 07:29 - 2013-04-17 16:07 - 00000000 ____D C:\Users\1487204\Tracing 2013-07-30 07:28 - 2013-07-19 12:26 - 00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-07-30 07:28 - 2013-07-03 13:15 - 00165764 _____ C:\Windows\PFRO.log 2013-07-30 07:28 - 2013-07-03 13:15 - 00001736 _____ C:\Windows\setupact.log 2013-07-30 07:28 - 2011-11-23 02:57 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-07-30 07:28 - 2011-11-23 02:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-30 07:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-29 11:18 - 2013-06-09 10:26 - 01811950 _____ C:\Windows\WindowsUpdate.log 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 
2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:19 - 2012-08-23 13:23 - 00000000 ____D C:\Windows\Minidump 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 14:02 - 2013-04-18 08:35 - 00000000 ____D C:\Users\1487204\Desktop\Launcher 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:52 - 2011-12-19 15:46 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-07-26 12:50 - 2013-07-26 12:49 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-26 12:43 - 2013-05-02 21:21 - 00000000 ____D C:\AeriaGames 2013-07-26 12:42 - 2013-07-25 22:17 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 23:11 - 2013-07-25 23:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 23:06 - 2011-11-23 02:56 - 00002778 _____ C:\Windows\system32\AutoRunFilter.ini 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 ____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) 
C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-25 17:08 - 2013-02-21 21:38 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Spotify 2013-07-25 15:03 - 2013-02-21 21:39 - 00000000 ____D C:\Users\1487204\AppData\Local\Spotify 2013-07-25 08:06 - 2013-07-03 11:52 - 00000000 ____D C:\ProgramData\eSafe 2013-07-21 08:53 - 2013-02-11 16:00 - 00000000 ____D C:\Users\1487204\AppData\Roaming\.minecraft 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:42 - 2013-07-19 14:41 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:25 - 2013-07-19 14:17 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00298024 _____ (StarApp) C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip.exe 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:12 - 2013-07-19 13:11 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 
2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:25 - 2013-07-19 12:24 - 03469871 _____ (LIGHTNING UK!) C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-19 12:25 - 2013-04-12 07:47 - 00000000 ____D C:\Users\1487204\AppData\Roaming\OpenCandy 2013-07-18 20:03 - 2011-02-19 06:24 - 00698164 _____ C:\Windows\system32\perfh007.dat 2013-07-18 20:03 - 2011-02-19 06:24 - 00151632 _____ C:\Windows\system32\perfc007.dat 2013-07-18 20:03 - 2009-07-14 07:13 - 01644368 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-17 16:40 - 2013-07-17 15:53 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 15:52 - 2013-07-17 14:55 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-16 14:08 - 2011-12-09 21:36 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 14:08 - 2011-12-09 21:36 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-15 07:42 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-14 08:07 - 2013-07-14 07:48 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 
2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-13 08:06 - 2013-03-13 16:48 - 00000000 ____D C:\Users\1487204\Desktop\Minecraft 2013-07-13 07:24 - 2013-07-03 12:20 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 21:11 - 2011-11-23 02:56 - 00001498 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-12 21:09 - 2013-07-03 13:15 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 21:07 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 14:29 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\DataMgr 2013-07-10 20:06 - 2011-12-09 21:36 - 00000000 ____D C:\Users\1487204\AppData\Local\Google 2013-07-10 20:05 - 2011-04-13 04:33 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 
____D C:\Users\1487204\AppData\Roaming\Common 2013-07-10 20:02 - 2013-07-10 20:02 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5600.dll 2013-07-10 20:02 - 2013-07-10 20:01 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 20:02 - 2013-04-26 19:42 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-07-10 20:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-10 19:57 - 2013-07-10 19:57 - 00393080 _____ (Softonic ) C:\Users\1487204\Downloads\SoftonicDownloader_fuer_pivot-stickfigure-animator.exe 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-09 14:38 - 2011-04-13 04:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-09 14:26 - 2013-07-09 14:22 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 11:48 - 2013-07-03 11:52 - 00000000 ____D C:\ProgramData\BasicServe 2013-07-07 08:48 - 2013-07-07 08:48 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-07-07 08:48 - 2013-01-23 17:05 - 00000000 ____D C:\Users\1487204\AppData\Local\CRE 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:51 - 2013-07-06 13:50 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D 
C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-06 13:29 - 2013-07-03 14:07 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-06 13:29 - 2013-03-16 10:09 - 00001661 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-04 20:12 - 2013-03-13 16:49 - 00000000 ____D C:\Users\1487204\Desktop\Sonstiges 2013-07-04 17:16 - 2011-12-31 16:10 - 00000000 ____D C:\Users\1487204\AppData\Local\Paint.NET 2013-07-03 14:24 - 2013-07-03 14:12 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:05 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-03 13:15 - 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:57 - 2012-04-02 17:10 - 00000000 ____D C:\ProgramData\Trymedia 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:52 - 2013-07-03 11:52 - 00000000 ____D C:\Program Files (x86)\BasicServe 2013-07-03 11:52 - 2011-12-01 09:12 - 00001633 _____ C:\Users\1487204\Desktop\Internet Explorer.lnk 2013-07-03 11:52 - 
2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-07-03 11:52 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-07-03 11:51 - 2013-07-03 11:51 - 00000000 ____D C:\Users\1487204\AppData\Roaming\eIntaller
2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe
2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 _____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-09-27 23:02

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Additional.txt :
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03 Ran by 1487204 at 2013-07-30 22:06:11 Running from C:\Users\1487204\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.135) Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.135) Akamai NetSession Interface (HKCU) ASUS AI Recovery (x32 Version: 1.0.14) ASUS FancyStart (x32 Version: 1.1.0) ASUS LifeFrame3 (x32 Version: 3.0.22) ASUS Live Update (x32 Version: 2.5.9) ASUS Power4Gear Hybrid (Version: 1.1.45) ASUS SmartLogon (x32 Version: 1.0.0011) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031) ASUS USB Charger Plus (x32 Version: 2.0.0) ASUS Virtual Camera (x32 Version: 1.0.21) ASUS WebStorage (x32 Version: 3.0.84.161) ASUS_Screensaver (x32) Atheros Client Installation Program (x32 Version: 7.0) ATK Package (x32 Version: 1.0.0010) Azteca (x32) Canon MP550 series MP Drivers CCleaner (Version: 3.13) Cheat Engine 6.2 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Cube World version 0.0.1 (x32 Version: 0.0.1) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) D3DX10 (x32 Version: 15.4.2368.0902) DigimonMasters Online (x32) dows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) (Version: 04/16/2009 1.0.0.6) ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Fantastigames (x32) Farm Frenzy 3 (x32) Fast Boot (Version: 1.0.9) G Data InternetSecurity 2014 (x32 Version: 24.0.2.3) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (x32 Version: 28.0.1500.72) Google Chrome Frame (x32 Version: 65.119.71) Google Toolbar for 
Internet Explorer (x32 Version: 1.0.0) Google Update Helper (x32 Version: 1.3.21.153) ImgBurn (x32 Version: 2.5.8.0) Infineon USB driver 1.0.0.6 (x32) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Processor Graphics (x32 Version: 8.15.10.2345) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 30 (64-bit) (Version: 6.0.300) Java(TM) 6 Update 35 (x32 Version: 6.0.350) Junk Mail filter update (x32 Version: 15.4.3502.0922) LG PC Suite II (x32 Version: 2.00.0000) LG USB Modem driver (x32 Version: 4.9.4) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft VC9 runtime libraries (x32 Version: 2.0.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable 
- x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) My Farm Life 2 (x32) Nuance PDF Reader (x32 Version: 6.00.0041) NVIDIA 3D Vision Driver 268.39 (Version: 268.39) NVIDIA Control Panel 268.39 (Version: 268.39) NVIDIA Graphics Driver 268.39 (Version: 268.39) NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA Optimus 1.0.21 (Version: 1.0.21) NVIDIA PhysX (x32 Version: 9.10.0513) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6839) NVIDIA Update Components (Version: 1.0.21) Paint.NET v3.5.10 (Version: 3.60.0) Pivot Stickfigure Animator version 2.2.7 (x32 Version: 2.2.7) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6370) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0) ShotOnline (x32 Version: 1.0) Skype™ 6.3 (x32 Version: 6.3.105) Sonic Focus (x32 Version: 1.0.0.4) SpeedUpMyPC (x32 Version: 5.3.4.4) Spotify (HKCU Version: 0.9.1.57.ge7405149) syncables desktop SE (x32 Version: 5.5.746.11492) Time Riddles: The Mansion (x32) Trend Micro Titanium Internet Security (Version: 3.0) Trend Micro Titanium 
Internet Security (Version: 3.00) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language 
Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) WinFlash (x32 Version: 2.31.1) WinImage (HKCU) WinImage (x32) WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0) Wireless Console 3 (x32 Version: 3.0.21) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922) بريد Windows Live (x32 Version: 15.4.3502.0922) معرض صور Windows Live (x32 Version: 15.4.3502.0922) 디지탈릭 게임런처 (x32) ==================== Restore Points ========================= 12-07-2013 12:08:44 Windows Update 14-07-2013 05:47:22 Windows Update 16-07-2013 12:04:47 Windows Update 17-07-2013 06:04:01 Windows Update 19-07-2013 10:26:36 Uniblue SpeedUpMyPC installation 26-07-2013 10:42:02 Removed Aeria Ignite 26-07-2013 10:43:00 Removed Fast Boot ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0DAE4104-5249-4849-976B-60033BC576EA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001UA => C:\Users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {0E04C376-B233-424A-8B2F-BB31C194FD85} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS) Task: {0F3D25C3-0D38-4050-99A2-5134C2F1FC88} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001Core => C:\Users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {1011E427-73C5-48C7-8FC0-EBF165C1BD48} - System32\Tasks\{EC56D1E1-FE71-47CD-B240-57876DFC297B} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {2779C9AF-C34B-452C-93D7-333B3B1949DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11] (Adobe Systems Incorporated) Task: {408C8528-48C0-40D1-B376-55023D7A9D20} - System32\Tasks\{DC47105D-6962-4961-9999-D25CAE7C1B69} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {41CBBEB8-A6D1-4D0D-AD5A-ECF7F8E5BCF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.) Task: {51941206-9DE3-4B57-8B3D-8983DC23E06E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {6E423D1C-8354-497F-BE07-429676712D64} - System32\Tasks\{1A3C5C16-851B-4D08-9937-C16D7EE4FEC7} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {759AE2E5-DF8E-4B29-AC71-0F7845BA84FA} - System32\Tasks\{B740AA25-AD96-42F9-9162-72E233FBE913} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {79C1F952-AF40-45BC-9102-455B3FB62B9F} - System32\Tasks\FGRun => C:\Users\1487204\AppData\Roaming\pack.exe No File Task: {7B30BA77-3C31-4DD8-800E-D96E6BF1A9E7} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File Task: {7FF82075-44E9-415D-9868-4BD940CF992F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09] (Google Inc.) 
Task: {8225DC3D-5A37-4FF8-9A31-6B9D0CE2E771} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {86D70DC4-7518-4EBB-A2C9-328CB57AE020} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {9B865800-0CEB-4D42-917E-CA1DEE0DB1DC} - System32\Tasks\{94129937-1E10-4EC6-B6AB-7E492926D9DF} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {9E484C38-5450-4243-8C2C-5E48145503AC} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-11-22] (Uniblue Systems Ltd) Task: {B1FACE38-80D9-4289-9A16-E8DEE53FB5E1} - System32\Tasks\{88342CB1-00DF-4DB8-AB09-6F4DC88B5D52} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {C0F0A89E-CFE2-455B-BF9E-2E93AAA55115} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {CA7D7765-FC69-406F-9816-5DC794C737DE} - System32\Tasks\{33653871-7AF0-4EA1-8D09-2BFA038F7A58} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {D6D16C6B-2B68-4C01-BCF1-23DC5BCE27ED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {D9EEE54D-D1D3-4453-AE74-8B6B8D49C71B} - System32\Tasks\{0D7821F7-4F62-4044-BBB4-1305AEFA27E1} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {EF8815ED-DB0F-4F31-B6A0-9A5B5C220E94} - System32\Tasks\{7B05ED55-5E09-4173-9100-BBA1EFEACD28} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: {F3AFFC54-E48F-4E6E-B948-1A6C1E3F15C9} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) 
Task: {F4A98F62-5549-4E8D-9CB7-7F745C5D9D04} - System32\Tasks\Funmoods => C:\Users\1487204\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE No File Task: {F6CC69A4-BDA6-4038-B672-F7274C3D11F1} - System32\Tasks\{1FE1CF1B-595D-42AF-86FB-B7B8A84BF044} => c:\users\1487204\appdata\local\google\chrome\application\chrome.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001Core.job => C:\Users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001UA.job => C:\Users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2013 07:51:35 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006f443 ID des fehlerhaften Prozesses: 0x658 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/29/2013 07:40:58 AM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 840 Startzeit: 01ce8c1e081211dc Endzeit: 10 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 6894d744-f811-11e2-84e4-14dae9e8ec78 Error: (07/26/2013 09:00:42 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002c7a3 ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/26/2013 01:03:57 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049920 ID des fehlerhaften Prozesses: 0x16e4 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/26/2013 00:53:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049920 ID des fehlerhaften Prozesses: 0x1690 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/26/2013 00:51:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, 
Zeitstempel: 0x51d2c632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049920 ID des fehlerhaften Prozesses: 0x1694 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/26/2013 00:50:51 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51d2c632 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049920 ID des fehlerhaften Prozesses: 0x1378 Startzeit der fehlerhaften Anwendung: 0xCube.exe0 Pfad der fehlerhaften Anwendung: Cube.exe1 Pfad des fehlerhaften Moduls: Cube.exe2 Berichtskennung: Cube.exe3 Error: (07/26/2013 00:43:01 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (07/26/2013 00:42:11 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (07/20/2013 01:53:11 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DigimonMasters.exe, Version: 13.1.8.1, Zeitstempel: 0x51e5fb19 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.762, Zeitstempel: 0x45712238 Ausnahmecode: 0xc000000d Fehleroffset: 0x0004ef67 ID des fehlerhaften Prozesses: 0xb94 Startzeit der fehlerhaften Anwendung: 0xDigimonMasters.exe0 Pfad der fehlerhaften Anwendung: DigimonMasters.exe1 Pfad des fehlerhaften Moduls: DigimonMasters.exe2 Berichtskennung: DigimonMasters.exe3 System errors: ============= Error: (07/30/2013 09:51:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 09:51:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error: (07/30/2013 07:29:14 
AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (07/30/2013 07:51:35 AM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051ea955eCube.exe0.0.0.051ea955ec00000050006f44365801ce8ce601921f85D:\Cube World\Cube.exeD:\Cube World\Cube.exe17ad97ec-f8dc-11e2-bc9f-14dae9e8ec78 Error: (07/29/2013 07:40:58 AM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.1.7601.1756784001ce8c1e081211dc10C:\Windows\Explorer.EXE6894d744-f811-11e2-84e4-14dae9e8ec78 Error: (07/26/2013 09:00:42 PM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051ea955eCube.exe0.0.0.051ea955ec00000050002c7a3d2001ce8a2c9de338d6D:\Cube World\Cube.exeD:\Cube World\Cube.exeaab7bf8d-f625-11e2-bd6d-14dae9e8ec78 Error: (07/26/2013 01:03:57 PM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051d2c632Cube.exe0.0.0.051d2c632c00000050004992016e401ce89efad063401C:\Users\1487204\Desktop\Cube.exeC:\Users\1487204\Desktop\Cube.exe10be2225-f5e3-11e2-bd6d-14dae9e8ec78 Error: (07/26/2013 00:53:25 PM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051d2c632Cube.exe0.0.0.051d2c632c000000500049920169001ce89ee507de45cC:\Users\1487204\Desktop\Cube Demo\Cube.exeC:\Users\1487204\Desktop\Cube Demo\Cube.exe980957d5-f5e1-11e2-bd6d-14dae9e8ec78 Error: (07/26/2013 00:51:04 PM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051d2c632Cube.exe0.0.0.051d2c632c000000500049920169401ce89ee014075e6C:\Users\1487204\Desktop\Cube Demo\Cube.exeC:\Users\1487204\Desktop\Cube Demo\Cube.exe43fd866a-f5e1-11e2-bd6d-14dae9e8ec78 Error: (07/26/2013 00:50:51 PM) (Source: Application Error)(User: ) Description: Cube.exe0.0.0.051d2c632Cube.exe0.0.0.051d2c632c000000500049920137801ce89edf927e4adC:\Users\1487204\Desktop\Cube Demo\Cube.exeC:\Users\1487204\Desktop\Cube Demo\Cube.exe3c7f1493-f5e1-11e2-bd6d-14dae9e8ec78 Error: (07/26/2013 
00:43:01 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.
Error: (07/26/2013 00:42:11 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.
Error: (07/20/2013 01:53:11 PM) (Source: Application Error)(User: ) Description: DigimonMasters.exe13.1.8.151e5fb19MSVCR80.dll8.0.50727.76245712238c000000d0004ef67b9401ce853e7e1fb226C:\Digitalic\DigimonMastersOnline\DigimonMasters.exeC:\Digitalic\DigimonMastersOnline\MSVCR80.dllf340a4a7-f132-11e2-84db-14dae9e8ec78
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 7334.97 MB
Available physical RAM: 4852.48 MB
Total Pagefile: 14668.13 MB
Available Pagefile: 11548.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:300.41 GB) (Free:181.28 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:373.22 GB) (Free:371.61 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: AE14F3C6)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=373 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks in advance for the help. Regards, stevo Edited by stevoboot (30.07.2013 at 21:35) |
31.07.2013, 09:36 | #4 | |
/// the machine /// TB Trainer | Bad Image - Win7 Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.07.2013, 19:59 | #5 |
| Bad Image - Win7 Hello, when I start Combofix it runs up to Stage 4 and from there it doesn't go any further, HELP Regards, stevo |
31.07.2013, 20:11 | #6 |
/// the machine /// TB Trainer | Bad Image - Win7 Quit it and try again in Safe Mode.
__________________ --> Bad Image - Win7 |
31.07.2013, 20:45 | #7 |
| Bad Image - Win7 Thanks again, it worked, here is the log file Code:
ATTFilter ComboFix 13-07-30.05 - 1487204 31.07.2013 21:28:09.3.8 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1031.18.7335.5991 [GMT 2:00] Running from: c:\users\1487204\Downloads\ComboFix.exe AV: G Data InternetSecurity 2014 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2014 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\BasicServe c:\programdata\BasicServe c:\programdata\FullRemove.exe c:\users\1487204\AppData\Local\TempDIR c:\users\1487204\AppData\Local\TempDIR\BetterInstaller.exe c:\users\1487204\AppData\Roaming\Sdat.exe c:\users\Public\AlexaNSISPlugin.5600.dll c:\users\Public\AlexaNSISPlugin.6592.dll c:\windows\msvcr71.dll c:\windows\SysWow64\qdisp.dll D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 ))))))))))))))))))))))))))))))) . . 2013-07-30 20:04 . 2013-07-30 20:04 -------- d-----w- C:\FRST 2013-07-26 12:20 . 2013-07-26 12:20 -------- d-----w- c:\programdata\Picroma 2013-07-25 20:22 . 2013-07-25 20:22 -------- d-----w- c:\users\1487204\AppData\Local\Aeria Games 2013-07-25 20:21 . 2013-07-25 20:21 -------- d-----w- c:\programdata\Aeria Games 2013-07-25 20:17 . 2013-07-26 10:42 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2013-07-25 20:17 . 2013-07-25 20:17 -------- d-----w- c:\users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-19 12:17 . 
2013-07-19 12:17 -------- d-----w- c:\programdata\StarApp 2013-07-19 12:17 . 2013-07-19 12:17 -------- d-----w- c:\programdata\InstallMate 2013-07-19 10:32 . 2013-07-19 10:32 -------- d-----w- c:\users\1487204\AppData\Roaming\ImgBurn 2013-07-19 10:26 . 2013-07-19 10:26 -------- d-----w- c:\users\1487204\AppData\Roaming\Uniblue 2013-07-19 10:26 . 2013-07-19 10:26 -------- d-----w- c:\program files (x86)\Uniblue 2013-07-19 10:25 . 2013-07-19 10:25 -------- d-----w- c:\program files (x86)\ImgBurn 2013-07-14 05:48 . 2013-07-14 06:07 -------- d-----w- c:\windows\system32\MRT 2013-07-11 14:57 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 14:57 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-11 14:57 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-11 14:57 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-11 14:57 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-11 14:57 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-11 14:57 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-11 14:57 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-11 14:57 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-11 14:57 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 14:57 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-11 14:56 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 14:56 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-11 14:56 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-11 14:56 . 
2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-11 14:56 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 14:56 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 14:56 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-11 14:56 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-10 18:06 . 2013-07-10 18:06 -------- d-----w- c:\users\1487204\AppData\Roaming\SSync 2013-07-10 18:06 . 2013-07-10 18:06 -------- d-----w- c:\users\1487204\AppData\Roaming\Intermediate 2013-07-10 18:06 . 2013-07-10 18:06 -------- d-----w- c:\users\1487204\AppData\Roaming\DataMgr 2013-07-10 18:06 . 2013-07-10 18:06 -------- d-----w- c:\users\1487204\AppData\Roaming\SCheck 2013-07-10 18:03 . 2013-07-10 18:03 -------- d-----w- c:\users\1487204\AppData\Roaming\PiccShare 2013-07-10 18:03 . 2013-07-10 18:03 -------- d-----w- c:\users\1487204\AppData\Roaming\Common 2013-07-10 18:01 . 2013-07-10 18:02 -------- d-----w- c:\program files (x86)\Pivot Stickfigure Animator 2013-07-09 12:38 . 2013-07-09 12:38 -------- d-----w- c:\program files (x86)\MSECache 2013-07-07 06:48 . 2013-07-07 06:48 -------- d-----w- c:\program files (x86)\Conduit 2013-07-06 11:40 . 2013-07-06 11:40 -------- d-----w- c:\users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 11:40 . 2013-07-06 11:40 -------- d-----w- c:\programdata\Malwarebytes 2013-07-03 09:52 . 2013-07-25 06:06 -------- d-----w- c:\programdata\eSafe 2013-07-03 09:51 . 2013-07-03 09:51 -------- d-----w- c:\users\1487204\AppData\Roaming\eIntaller . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-31 17:03 . 2011-11-23 00:57 45056 ----a-w- c:\windows\system32\acovcnt.exe 2013-07-03 09:52 . 2011-01-07 13:39 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-07-03 09:52 . 
2011-01-07 13:39 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-06-23 22:57 . 2011-12-10 11:46 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-09 08:33 . 2013-03-31 09:43 65368 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2013-06-09 08:32 . 2013-03-31 09:43 64856 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2013-06-09 08:32 . 2013-03-31 09:43 130392 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2013-06-09 08:32 . 2013-03-31 09:43 60248 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2013-06-02 10:44 . 2012-09-27 18:00 16944 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2013-06-02 10:44 . 2011-12-15 19:00 107128 ----a-w- c:\windows\system32\drivers\GRD.sys 2013-05-17 18:45 . 2011-12-09 17:42 62808 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2013-05-13 05:51 . 2013-06-12 21:22 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 21:22 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 21:22 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 21:22 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 21:22 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 21:22 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 21:22 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 21:22 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 21:22 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 21:22 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-12 13:15 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 05:49 . 2013-06-12 21:22 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 21:22 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 
2013-06-12 21:22 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-12 1104384] "Akamai NetSession Interface"="c:\users\1487204\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "SCheck"="c:\users\1487204\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864] "SSync"="c:\users\1487204\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864] "DataMgr"="c:\users\1487204\AppData\Roaming\DataMgr\DataMgr.exe" [2013-06-26 168848] "Intermediate"="c:\users\1487204\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-03-22 1854928] "G Data AntiVirus Tray"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-03-22 1444304] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Exetender"="c:\program files (x86)\FantastiGames\GPlayer.exe" [2012-12-04 4936152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . 
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] R2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x] R2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x] R2 AVKWCtl;G Data Dateisystem Wachter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 SkypeUpdate;Skype 
Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x] R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\FlashUSB_x64.sys [x] R3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x] R3 
GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x] R3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys;c:\windows\SYSNATIVE\DRIVERS\CESG64.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R3 
X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S0 kbdsim;kbdsim;c:\windows\system32\drivers\kbdsim.sys;c:\windows\SYSNATIVE\drivers\kbdsim.sys [x] S0 mousim;mousim;c:\windows\system32\drivers\mousim.sys;c:\windows\SYSNATIVE\drivers\mousim.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service Update-Service REG_MULTI_SZ Update-Service . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-13 05:23 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 20:40] . 
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001Core.job - c:\users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 05:40] . 2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001UA.job - c:\users\1487204\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 05:40] . 2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 19:36] . 2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-09 19:36] . 2013-07-31 c:\windows\Tasks\spmonitor.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-07-19 17:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mDefault_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 mStart Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe Trusted Zone: aeriagames.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 DPF: {21CEC2FC-24FA-4EEB-A043-3CC248060880} - hxxp://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr AddRemove-UnityWebPlayer - c:\users\1487204\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGCommandManager] "CommandsWithoutImages"=hex:00,00 "MenuUserImages"=hex:00,00 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGControlBarVersion] "Major"=dword:00000009 "Minor"=dword:00000038 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPBaseControlBar--1] "IsVisible"=dword:00000001 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPBaseControlBar-32806] "IsVisible"=dword:00000001 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPBaseControlBar-59392] "IsVisible"=dword:00000001 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPBaseControlBar-59396] "IsVisible"=dword:00000001 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPControlBar--1] "ID"=dword:ffffffff "RectRecentFloat"=hex:81,00,00,00,a6,00,00,00,5b,01,00,00,6e,01,00,00 "RectRecentDocked"=hex:52,02,00,00,59,00,00,00,2c,03,00,00,59,02,00,00 "RecentFrameAlignment"=dword:00004000 "RecentRowIndex"=dword:00000000 "IsFloating"=dword:00000000 "MRUWidth"=dword:00007fff "PinState"=dword:00000000 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPControlBar-32806] "ID"=dword:00008026 "RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00 "RectRecentDocked"=hex:55,02,00,00,90,00,00,00,29,03,00,00,56,02,00,00 "RecentFrameAlignment"=dword:00001000 "RecentRowIndex"=dword:00000000 "IsFloating"=dword:00000000 "MRUWidth"=dword:00007fff "PinState"=dword:00000000 . 
[HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPControlBar-59392] "ID"=dword:0000e800 "RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00 "RectRecentDocked"=hex:55,02,00,00,90,00,00,00,29,03,00,00,56,02,00,00 "RecentFrameAlignment"=dword:00001000 "RecentRowIndex"=dword:00000000 "IsFloating"=dword:00000000 "MRUWidth"=dword:00007fff "PinState"=dword:00000000 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPControlBar-59396] "ID"=dword:00000000 "RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00 "RectRecentDocked"=hex:00,00,00,00,59,02,00,00,2c,03,00,00,80,02,00,00 "RecentFrameAlignment"=dword:00001000 "RecentRowIndex"=dword:00000000 "IsFloating"=dword:00000000 "MRUWidth"=dword:00007fff "PinState"=dword:00000000 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGPDockManager-128] "DockingCBAndSliders"=hex:01,00,00,00,ff,ff,ff,ff,02,00,00,00,07,3f,dc,e2,e1, d5,e0,f5,01,00,00,00,26,80,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,07,3f,\ . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGRebar-59396] "RBI"=hex:50,00,00,00,61,0b,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,26,00,00,00,1f,00,00,00,10,27,00,00,\ "IDs"=hex:00,e8,00,00,27,80,00,00 "Locked"=dword:00000000 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGToolBar-59392] "Name"="" "Buttons"=hex:00,20,00,00,01,00,00,00 "OriginalItems"=hex:02,00,ff,ff,01,00,12,00,43,42,43,47,50,54,6f,6f,6c,62,61, 72,42,75,74,74,6f,6e,3b,80,00,00,00,00,00,00,ff,ff,ff,ff,00,01,00,00,00,00,\ "OrigResetItems"=hex:02,00,ff,ff,01,00,12,00,43,42,43,47,50,54,6f,6f,6c,62,61, 72,42,75,74,74,6f,6e,3b,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ . 
[HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\BCGToolbarParameters] "Tooltips"=dword:00000001 "ShortcutKeys"=dword:00000001 "LargeIcons"=dword:00000000 "MenuAnimation"=dword:00000000 "RecentlyUsedMenus"=dword:00000001 "MenuShadows"=dword:00000001 "ShowAllMenusAfterDelay"=dword:00000001 "Look2000"=dword:00000001 "CommandsUsage"=hex:05,00,00,00,03,00,2d,80,00,00,02,00,00,00,2b,80,00,00,01, 00,00,00,3b,80,00,00,02,00,00,00 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\ControlBars-Summary] "Bars"=dword:00000000 "ScreenCX"=dword:00000780 "ScreenCY"=dword:00000438 . [HKEY_USERS\S-1-5-21-2855986137-2966401962-2417362070-1001\Software\MacroMgr\j"o*A*a*?e*?F*7*\Settings\WindowPlacement] "MainWindowRect"=hex:8a,01,00,00,1d,00,00,00,c8,04,00,00,cc,02,00,00 "Flags"=dword:00000000 "ShowCmd"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2736422~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2742599~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2756921~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2757638~31bf3856ad364e35~amd64~~6.1.1.2] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2769369~31bf3856ad364e35~amd64~~6.1.1.1] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2773072~31bf3856ad364e35~amd64~~6.1.1.5] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2778930~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2785220~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2786081~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2786400~31bf3856ad364e35~amd64~~6.1.1.0] @DACL=(02 0000) "ApplicabilityState"=dword:00000070 "CurrentState"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-31 21:36:44 ComboFix-quarantined-files.txt 2013-07-31 19:36 . Pre-Run: 18 Verzeichnis(se), 197.609.254.912 Bytes frei Post-Run: 26 Verzeichnis(se), 197.557.698.560 Bytes frei . - - End Of File - - A4CF4CA5231D16E1E9C9675601630FE8 D41D8CD98F00B204E9800998ECF8427E |
01.08.2013, 09:07 | #8 |
/// the machine /// TB Trainer | Bad Image - Win7 Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
and a fresh FRST log, please
__________________ Regards, schrauber |
01.08.2013, 09:38 | #9 |
| Bad Image - Win7 Here is the Malwarebytes log file for now; the AdwCleaner file will follow shortly Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.01.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 1487204 :: STEVOS-PC [Administrator] 01.08.2013 10:11:08 mbam-log-2013-08-01 (10-11-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267139 Laufzeit: 6 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 13 C:\Users\1487204\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\alien (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\luasql (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\mime (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\socket (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 63 C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\Downloads\7ZipSetup.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip.exe (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\Downloads\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\Downloads\SoftonicDownloader_fuer_pivot-stickfigure-animator.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\Downloads\SoftonicDownloader_fuer_the-elder-scrolls-iv-oblivion.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\alien.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\base.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\debug_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\debug_init.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\getopt.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\io_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\lfs.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\list.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\lpeg.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\ltn12.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\1487204\AppData\Roaming\Common\LuaRT\lua.exe (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\lua5.1.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\lua51.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\luacom.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\math_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\mime.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\modules.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\package_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\set.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\socket.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\std.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\strbuf.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\string_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\table_ext.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\tree.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\1487204\AppData\Roaming\Common\LuaRT\wlua.exe (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\alien\core.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\alien\struct.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\util.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\array.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\calls.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\number.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\object.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\others.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\strings.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\decode\util.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\array.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\calls.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\number.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\object.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\others.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\output.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\output_utility.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\json\encode\strings.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\luasql\sqlite3.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\mime\core.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\socket\core.dll (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\socket\http.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1487204\AppData\Roaming\Common\LuaRT\socket\url.lua (PUP.Optional.LuaRT.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.306 - Datei am 01/08/2013 um 10:27:21 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : 1487204 - STEVOS-PC # Bootmodus : Normal # Ausgefuhrt unter : C:\Users\1487204\Desktop\adwcleaner.exe # Option [Loschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Desinfiziert : C:\Users\1487204\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk Datei Desinfiziert : C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DIGITALIC\DigimonMasters\DigimonMasters_Online.lnk Datei Desinfiziert : C:\Users\1487204\Desktop\Internet Explorer.lnk Datei Desinfiziert : C:\Users\1487204\Desktop\Spiele\DigimonMasters.lnk Datei Geloscht : C:\END Ordner Geloscht : C:\Program Files (x86)\Conduit Ordner Geloscht : C:\Program Files (x86)\FantastiGames Ordner Geloscht : C:\Program Files (x86)\Search Results Toolbar Ordner Geloscht : C:\Program Files (x86)\Searchqu Toolbar Ordner Geloscht : C:\ProgramData\APN Ordner Geloscht : C:\ProgramData\Babylon Ordner Geloscht : C:\ProgramData\boost_interprocess Ordner Geloscht : C:\ProgramData\eSafe Ordner Geloscht : C:\ProgramData\FantastiGames Ordner Geloscht : C:\ProgramData\Partner Ordner Geloscht : C:\ProgramData\Trymedia Ordner Geloscht : C:\Users\1487204\AppData\Local\Ilivid Player Ordner Geloscht : C:\Users\1487204\AppData\Local\PutLockerDownloader Ordner Geloscht : C:\Users\1487204\AppData\LocalLow\Conduit Ordner Geloscht : C:\Users\1487204\AppData\LocalLow\searchresultstb Ordner Geloscht : C:\Users\1487204\AppData\LocalLow\Toolbar4 Ordner Geloscht : C:\Users\1487204\AppData\Roaming\DataMgr Ordner Geloscht : C:\Users\1487204\AppData\Roaming\dvdvideosoftiehelpers Ordner Geloscht : C:\Users\1487204\AppData\Roaming\eIntaller Ordner Geloscht : C:\Users\1487204\AppData\Roaming\Funmoods Ordner Geloscht : C:\Users\1487204\AppData\Roaming\iWin Ordner Geloscht : 
C:\Users\1487204\AppData\Roaming\OpenCandy Ordner Geloscht : C:\Users\1487204\AppData\Roaming\PerformerSoft ***** [Registrierungsdatenbank] ***** Schlussel Geloscht : HKCU\Software\1ClickDownload Schlussel Geloscht : HKCU\Software\APN PIP Schlussel Geloscht : HKCU\Software\AppDataLow\Software\Conduit Schlussel Geloscht : HKCU\Software\AppDataLow\Software\SmartBar Schlussel Geloscht : HKCU\Software\BabylonToolbar Schlussel Geloscht : HKCU\Software\BI Schlussel Geloscht : HKCU\Software\Conduit Schlussel Geloscht : HKCU\Software\DataMngr_Toolbar Schlussel Geloscht : HKCU\Software\Headlight Schlussel Geloscht : HKCU\Software\ilivid Schlussel Geloscht : HKCU\Software\IM Schlussel Geloscht : HKCU\Software\ImInstaller Schlussel Geloscht : HKCU\Software\InstallCore Schlussel Geloscht : HKCU\Software\OCS Schlussel Geloscht : HKCU\Software\Softonic Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlussel Geloscht : HKLM\Software\Babylon Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlussel Geloscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlussel Geloscht : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget Schlussel 
Geloscht : HKLM\SOFTWARE\Classes\Movie2KDownloader Schlussel Geloscht : HKLM\SOFTWARE\Classes\Prod.cap Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1} Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlussel Geloscht : HKLM\Software\Conduit Schlussel Geloscht : HKLM\Software\DataMngr Schlussel Geloscht : HKLM\Software\delta-homesSoftware Schlussel Geloscht : HKLM\Software\Desksvc Schlussel Geloscht : HKLM\Software\eSafeSecControl Schlussel Geloscht : HKLM\Software\iLividSRTB Schlussel Geloscht : HKLM\Software\Iminent Schlussel Geloscht : HKLM\Software\InstallCore Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASAPI32 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASMANCS Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E} Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\05ea5bdc3f82769bb2eeb89a386bc782 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\33b709e6d787d5e9ad13c6d2e7561ee9 Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6729c8094a6a3b5a6abc86f976924cbe Schlussel 
Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f0d06ce4489974b55f854f25d55e962e Schlussel Geloscht : HKLM\Software\PIP Schlussel Geloscht : HKLM\Software\qvo6Software Schlussel Geloscht : HKLM\Software\systweak Schlussel Geloscht : HKLM\Software\V9 Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\dedc8de73ce444 Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Schlussel Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlussel 
Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlussel Geloscht : HKU\S-1-5-21-2855986137-2966401962-2417362070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlussel Geloscht : HKU\S-1-5-21-2855986137-2966401962-2417362070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlussel Geloscht : HKU\S-1-5-21-2855986137-2966401962-2417362070-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Wert Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr] Wert Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Geloscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] Wert Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = 
hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8640e47c-a41c-4742-afa9-502d6716ac10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=20/04/2013&type=hp1000 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9750423AS_6WS0GSWDXXXX6WS0GSWD&ts=1373110141 --> hxxp://www.google.com ************************* AdwCleaner[S1].txt - [13070 octets] - [01/08/2013 10:27:21] ########## EOF - C:\AdwCleaner[S1].txt - [13131 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by 1487204 (administrator) on 01-08-2013 10:34:34 Running from C:\Users\1487204\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe (ASUS) C:\Windows\AsScrPro.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Spotify Ltd) C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [SCheck] - C:\Users\1487204\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [SSync] - C:\Users\1487204\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [Intermediate] - C:\Users\1487204\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKU\Gast\...\Run: [Exetender] - "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup [x] HKU\Gast\...\Winlogon: [Shell] explorer.exe <==== ATTENTION AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-28] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=aolde-ie&s_qt=sb&tb_uuid=B5F34C4E3C6F402C9E30EAEC6AF75503&tb_oid=09-05-2013&tb_mrud=09-05-2013 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) DPF: HKLM-x32 {21CEC2FC-24FA-4EEB-A043-3CC248060880} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: msdaipp - No CLSID Value - Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 10 C:\Windows\system32\nsp9pfbl.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1487204\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1487204\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: m2k - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi FF Extension: No Name - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes 
Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.) R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] S2 Dnscache; %SystemRoot%\System32\pouau9wjp.dll [x] R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x] ==================== Drivers (Whitelisted) ==================== S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [20480 2009-05-12] (Danish Wireless Design A/S) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-09] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-09] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-17] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-09] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-09] (G Data Software AG) R0 kbdsim; C:\Windows\System32\drivers\kbdsim.sys [31872 2013-05-01] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC) R0 mousim; C:\Windows\System32\drivers\mousim.sys [31872 2013-05-01] () S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.) 
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-01 10:33 - 2013-08-01 10:33 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe 2013-08-01 10:27 - 2013-08-01 10:28 - 00013169 _____ C:\AdwCleaner[S1].txt 2013-08-01 10:24 - 2013-08-01 10:24 - 00666633 _____ C:\Users\1487204\Desktop\adwcleaner.exe 2013-08-01 10:08 - 2013-08-01 10:08 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-01 10:08 - 2013-08-01 10:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-01 10:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-01 10:07 - 2013-08-01 10:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-07-31 21:36 - 2013-07-31 21:36 - 00029628 _____ C:\ComboFix.txt 2013-07-31 11:08 - 2013-07-31 21:36 - 00000000 ____D C:\Qoobox 2013-07-31 11:08 - 2011-06-26 08:45 - 00256000 _____ 
C:\Windows\PEV.exe 2013-07-31 11:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-31 11:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-31 11:07 - 2013-07-31 21:35 - 00000000 ____D C:\Windows\erdnt 2013-07-31 11:06 - 2013-07-31 11:06 - 05098210 ____R (Swearware) C:\Users\1487204\Downloads\ComboFix.exe 2013-07-31 10:06 - 2013-07-31 10:07 - 00000000 ____D C:\Users\1487204\AppData\Local\{C4AC80F0-7672-403B-A028-8D3BAE65F94E} 2013-07-30 22:04 - 2013-07-30 22:04 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64.exe 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 22:03 - 2013-07-31 00:27 - 00000000 ____D C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 07:29 - 2013-07-30 07:30 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 
2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:49 - 2013-07-26 12:50 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-25 23:11 - 2013-07-25 23:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 ____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 2013-07-26 12:42 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 22:17 - 2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:41 - 2013-07-19 14:42 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:17 - 2013-07-19 14:25 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 
2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:11 - 2013-07-19 13:12 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-08-01 10:29 - 00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:24 - 2013-07-19 12:25 - 03469871 _____ (LIGHTNING UK!) 
C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-17 15:53 - 2013-07-17 16:40 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 14:55 - 2013-07-17 15:52 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-14 07:48 - 2013-07-14 08:07 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 14:22 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 14:22 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 14:22 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 14:22 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 14:22 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 14:22 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-12 14:22 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 
2013-07-12 14:22 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 14:22 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 14:22 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 14:22 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 14:22 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-12 14:22 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 14:22 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-12 14:22 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 03:36 - 
00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 16:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 16:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 16:56 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:56 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 16:56 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:03 - 2013-08-01 10:19 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Common 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 
____D C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:01 - 2013-07-10 20:02 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-09 14:22 - 2013-07-09 14:26 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:50 - 2013-07-06 13:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-03 14:12 - 2013-07-03 14:24 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:07 - 2013-07-06 13:29 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-03 13:15 - 2013-08-01 10:29 - 00193070 _____ C:\Windows\PFRO.log 2013-07-03 13:15 - 2013-08-01 10:29 - 00002128 _____ C:\Windows\setupact.log 2013-07-03 13:15 - 2013-07-12 21:09 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-03 13:15 
- 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:20 - 2013-08-01 07:15 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe 2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 _____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe 174 ==================== One Month Modified Files and Folders ======= 2013-08-01 10:33 - 2013-08-01 10:33 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe 2013-08-01 10:29 - 2013-07-19 12:26 - 00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-08-01 10:29 - 2013-07-03 13:15 - 00193070 _____ C:\Windows\PFRO.log 2013-08-01 10:29 - 2013-07-03 13:15 - 00002128 _____ C:\Windows\setupact.log 2013-08-01 10:29 - 2011-12-09 21:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-01 10:29 - 2011-11-23 02:57 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-08-01 10:29 - 2011-11-23 02:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-01 10:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-01 10:28 - 2013-08-01 10:27 - 00013169 _____ C:\AdwCleaner[S1].txt 2013-08-01 10:28 - 2013-06-09 10:26 - 01953099 _____ C:\Windows\WindowsUpdate.log 2013-08-01 10:28 - 2013-03-13 16:46 - 00000000 ____D C:\Users\1487204\Desktop\Spiele 2013-08-01 10:28 - 2011-12-01 09:12 - 00001106 _____ C:\Users\1487204\Desktop\Internet Explorer.lnk 2013-08-01 10:28 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-01 10:28 
- 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-01 10:24 - 2013-08-01 10:24 - 00666633 _____ C:\Users\1487204\Desktop\adwcleaner.exe 2013-08-01 10:19 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Common 2013-08-01 10:13 - 2011-12-09 21:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-01 10:08 - 2013-08-01 10:08 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-01 10:08 - 2013-08-01 10:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-01 10:07 - 2013-08-01 10:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-08-01 07:15 - 2013-07-03 12:20 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 21:36 - 2013-07-31 21:36 - 00029628 _____ C:\ComboFix.txt 2013-07-31 21:36 - 2013-07-31 11:08 - 00000000 ____D C:\Qoobox 2013-07-31 21:35 - 2013-07-31 11:07 - 00000000 ____D C:\Windows\erdnt 2013-07-31 21:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-31 21:08 - 2013-04-18 08:35 - 00000000 ____D C:\Users\1487204\Desktop\Launcher 2013-07-31 19:03 - 2013-04-17 16:07 - 00000000 ____D C:\Users\1487204\Tracing 2013-07-31 11:06 - 2013-07-31 11:06 - 05098210 ____R (Swearware) C:\Users\1487204\Downloads\ComboFix.exe 2013-07-31 10:07 - 2013-07-31 10:06 - 00000000 ____D C:\Users\1487204\AppData\Local\{C4AC80F0-7672-403B-A028-8D3BAE65F94E} 2013-07-31 00:27 - 2013-07-30 22:03 - 00000000 ____D C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 22:04 - 2013-07-30 22:04 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64.exe 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 07:30 - 2013-07-30 07:29 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D 
C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:19 - 2012-08-23 13:23 - 00000000 ____D C:\Windows\Minidump 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:52 - 2011-12-19 15:46 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-07-26 12:50 - 2013-07-26 12:49 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-26 12:44 - 2013-04-26 19:42 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-07-26 12:43 - 2013-05-02 21:21 - 00000000 ____D C:\AeriaGames 2013-07-26 12:42 - 2013-07-25 22:17 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 23:11 - 2013-07-25 23:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 23:06 - 2011-11-23 02:56 - 00002778 _____ C:\Windows\system32\AutoRunFilter.ini 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 ____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 
2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-25 17:08 - 2013-02-21 21:38 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Spotify 2013-07-25 15:03 - 2013-02-21 21:39 - 00000000 ____D C:\Users\1487204\AppData\Local\Spotify 2013-07-21 08:53 - 2013-02-11 16:00 - 00000000 ____D C:\Users\1487204\AppData\Roaming\.minecraft 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:42 - 2013-07-19 14:41 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:25 - 2013-07-19 14:17 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:12 - 2013-07-19 13:11 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 
____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:25 - 2013-07-19 12:24 - 03469871 _____ (LIGHTNING UK!) C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-18 20:03 - 2011-02-19 06:24 - 00698164 _____ C:\Windows\system32\perfh007.dat 2013-07-18 20:03 - 2011-02-19 06:24 - 00151632 _____ C:\Windows\system32\perfc007.dat 2013-07-18 20:03 - 2009-07-14 07:13 - 01644368 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-17 16:40 - 2013-07-17 15:53 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 15:52 - 2013-07-17 14:55 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-16 14:08 - 2011-12-09 21:36 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 14:08 - 2011-12-09 21:36 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-15 07:42 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-14 08:07 - 2013-07-14 07:48 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-13 08:06 - 2013-03-13 16:48 - 00000000 ____D 
C:\Users\1487204\Desktop\Minecraft 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 21:11 - 2011-11-23 02:56 - 00001498 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-12 21:09 - 2013-07-03 13:15 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 21:07 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 14:29 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:06 - 2011-12-09 21:36 - 00000000 ____D C:\Users\1487204\AppData\Local\Google 2013-07-10 20:05 - 2011-04-13 04:33 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:02 - 2013-07-10 20:01 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 20:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files 
(x86)\MSECache 2013-07-09 14:38 - 2011-04-13 04:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-09 14:26 - 2013-07-09 14:22 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 08:48 - 2013-01-23 17:05 - 00000000 ____D C:\Users\1487204\AppData\Local\CRE 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:51 - 2013-07-06 13:50 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-06 13:29 - 2013-07-03 14:07 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-06 13:29 - 2013-03-16 10:09 - 00001661 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-04 20:12 - 2013-03-13 16:49 - 00000000 ____D C:\Users\1487204\Desktop\Sonstiges 2013-07-04 17:16 - 2011-12-31 16:10 - 00000000 ____D C:\Users\1487204\AppData\Local\Paint.NET 2013-07-03 14:24 - 2013-07-03 14:12 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:05 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther 2013-07-03 14:03 
- 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-03 13:15 - 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:52 - 2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-07-03 11:52 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe 2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 _____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-09-27 23:02 
==================== End Of Log ============================ --- --- --- |
01.08.2013, 11:42 | #10 |
/// the machine /// TB Trainer | Bad Image - Win7 ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
01.08.2013, 20:46 | #11 |
| Bad Image - Win7 Here is the ESET log file: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8b0bf28a8c2cf94bb905a85883e392d5
# engine=14608
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-01 01:44:03
# local_time=2013-08-01 03:44:03 (+0100, Mitteleurop?sche Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 1708612 126994493 0 0
# scanned=185261
# found=3
# cleaned=0
# scan_time=8828
sh=2DCA938D44AF7CE306DCCF3944A7EF271AF671CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\1487204\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6bb18f4d-4f43e6c8"
sh=AA972EBF062CEF97F91F614AF45ECBC6DF1D3A98 ft=1 fh=c98053a81802df43 vn="a variant of MSIL/PSW.Agent.NJQ trojan" ac=I fn="C:\Users\1487204\Desktop\Spiele\GDMO\UserData\mischiboo\Lilithmon\ModernKilla\Dgimon Masters Hack.exe"
sh=5BF051A1C8D3D5734B9D1C519947E10E9D143EE1 ft=1 fh=bb6235ac2e60802b vn="Win32/Adware.1ClickDownload.AI application" ac=I fn="C:\Users\1487204\Downloads\Oblivion.exe"
Here is the SecurityCheck log file: Code:
ATTFilter Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity 2014
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 35
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.5.502.135 Flash Player out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 Ran by 1487204 (administrator) on 01-08-2013 21:43:16 Running from C:\Users\1487204\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe (ASUS) C:\Windows\AsScrPro.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Spotify Ltd) C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Akamai Technologies, Inc.) C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\1487204\Desktop\SecurityCheck.exe (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.) HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [SCheck] - C:\Users\1487204\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [SSync] - C:\Users\1487204\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [Intermediate] - C:\Users\1487204\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444304 2013-03-22] (G Data Software AG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Gast\...\Run: [Spotify Web Helper] - C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-12] (Spotify Ltd) HKU\Gast\...\Run: [Exetender] - "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup [x] HKU\Gast\...\Winlogon: [Shell] explorer.exe <==== ATTENTION AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-28] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=aolde-ie&s_qt=sb&tb_uuid=B5F34C4E3C6F402C9E30EAEC6AF75503&tb_oid=09-05-2013&tb_mrud=09-05-2013 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) DPF: HKLM-x32 {21CEC2FC-24FA-4EEB-A043-3CC248060880} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: msdaipp - No CLSID Value - Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) 
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 10 C:\Windows\system32\nsp9pfbl.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1487204\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1487204\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: m2k - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi FF Extension: No Name - C:\Users\1487204\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1957840 2013-03-22] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2556896 2013-04-24] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2926672 2013-03-22] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes 
Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3969336 2012-04-05] (INCA Internet Co., Ltd.) R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.) S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] S2 Dnscache; %SystemRoot%\System32\pouau9wjp.dll [x] R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x] ==================== Drivers (Whitelisted) ==================== S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [20480 2009-05-12] (Danish Wireless Design A/S) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-06-09] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2013-06-09] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-05-17] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-06-09] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-06-02] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2013-06-09] (G Data Software AG) R0 kbdsim; C:\Windows\System32\drivers\kbdsim.sys [31872 2013-05-01] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC) R0 mousim; C:\Windows\System32\drivers\mousim.sys [31872 2013-05-01] () S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.) 
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-01 20:47 - 2013-08-01 20:47 - 00891098 _____ C:\Users\1487204\Desktop\SecurityCheck.exe 2013-08-01 13:15 - 2013-08-01 13:15 - 02347384 _____ (ESET) C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe 2013-08-01 13:15 - 2013-08-01 13:15 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-01 10:33 - 2013-08-01 10:33 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe 2013-08-01 10:27 - 2013-08-01 10:28 - 00013169 _____ C:\AdwCleaner[S1].txt 2013-08-01 10:24 - 2013-08-01 10:24 - 00666633 _____ C:\Users\1487204\Desktop\adwcleaner.exe 2013-08-01 10:08 - 2013-08-01 10:08 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-01 10:08 - 2013-08-01 10:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-01 10:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-01 10:07 - 2013-08-01 10:07 
- 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-07-31 21:36 - 2013-07-31 21:36 - 00029628 _____ C:\ComboFix.txt 2013-07-31 11:08 - 2013-07-31 21:36 - 00000000 ____D C:\Qoobox 2013-07-31 11:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-31 11:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-31 11:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-31 11:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-31 11:07 - 2013-07-31 21:35 - 00000000 ____D C:\Windows\erdnt 2013-07-31 11:06 - 2013-07-31 11:06 - 05098210 ____R (Swearware) C:\Users\1487204\Downloads\ComboFix.exe 2013-07-31 10:06 - 2013-07-31 10:07 - 00000000 ____D C:\Users\1487204\AppData\Local\{C4AC80F0-7672-403B-A028-8D3BAE65F94E} 2013-07-30 22:04 - 2013-07-30 22:04 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64.exe 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 22:03 - 2013-07-31 00:27 - 00000000 ____D C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 07:29 - 2013-07-30 07:30 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D 
C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:49 - 2013-07-26 12:50 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-25 23:11 - 2013-07-25 23:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 ____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 2013-07-26 12:42 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 22:17 - 2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:41 - 2013-07-19 14:42 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:17 - 2013-07-19 14:25 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 
6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:11 - 2013-07-19 13:12 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-08-01 10:29 - 00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:24 - 2013-07-19 12:25 - 03469871 _____ (LIGHTNING UK!) 
C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-17 15:53 - 2013-07-17 16:40 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 14:55 - 2013-07-17 15:52 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-14 07:48 - 2013-07-14 08:07 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 14:22 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 14:22 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 14:22 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 14:22 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 14:22 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 14:22 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-12 14:22 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 
2013-07-12 14:22 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-12 14:22 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 14:22 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 14:22 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 14:22 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 14:22 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-12 14:22 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 14:22 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 14:22 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-12 14:22 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 14:22 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-12 14:22 - 2013-05-29 03:36 - 
00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 14:22 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 14:22 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 14:22 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-12 14:22 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 16:57 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 16:57 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 16:56 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:56 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 16:56 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:03 - 2013-08-01 10:19 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Common 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 
____D C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:01 - 2013-07-10 20:02 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-09 14:22 - 2013-07-09 14:26 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:50 - 2013-07-06 13:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-03 14:12 - 2013-07-03 14:24 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:07 - 2013-07-06 13:29 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-03 13:15 - 2013-08-01 10:29 - 00193070 _____ C:\Windows\PFRO.log 2013-07-03 13:15 - 2013-08-01 10:29 - 00002128 _____ C:\Windows\setupact.log 2013-07-03 13:15 - 2013-07-12 21:09 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-03 13:15 
- 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:20 - 2013-08-01 07:15 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe 2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 _____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe 174 ==================== One Month Modified Files and Folders ======= 2013-08-01 21:13 - 2011-12-09 21:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-01 20:47 - 2013-08-01 20:47 - 00891098 _____ C:\Users\1487204\Downloads\SecurityCheck.exe 2013-08-01 20:47 - 2013-08-01 20:47 - 00891098 _____ C:\Users\1487204\Desktop\SecurityCheck.exe 2013-08-01 14:13 - 2011-12-09 21:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-01 13:15 - 2013-08-01 13:15 - 02347384 _____ (ESET) C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe 2013-08-01 13:15 - 2013-08-01 13:15 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-01 10:37 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-01 10:37 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-01 10:33 - 2013-08-01 10:33 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64 (1).exe 2013-08-01 10:29 - 2013-07-19 12:26 - 00000340 _____ C:\Windows\Tasks\spmonitor.job 2013-08-01 10:29 - 2013-07-03 13:15 - 00193070 _____ C:\Windows\PFRO.log 2013-08-01 10:29 - 2013-07-03 
13:15 - 00002128 _____ C:\Windows\setupact.log 2013-08-01 10:29 - 2011-11-23 02:57 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-08-01 10:29 - 2011-11-23 02:38 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-01 10:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-01 10:28 - 2013-08-01 10:27 - 00013169 _____ C:\AdwCleaner[S1].txt 2013-08-01 10:28 - 2013-06-09 10:26 - 01960000 _____ C:\Windows\WindowsUpdate.log 2013-08-01 10:28 - 2013-03-13 16:46 - 00000000 ____D C:\Users\1487204\Desktop\Spiele 2013-08-01 10:28 - 2011-12-01 09:12 - 00001106 _____ C:\Users\1487204\Desktop\Internet Explorer.lnk 2013-08-01 10:24 - 2013-08-01 10:24 - 00666633 _____ C:\Users\1487204\Desktop\adwcleaner.exe 2013-08-01 10:19 - 2013-07-10 20:03 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Common 2013-08-01 10:08 - 2013-08-01 10:08 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-01 10:08 - 2013-08-01 10:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-01 10:07 - 2013-08-01 10:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-08-01 07:15 - 2013-07-03 12:20 - 00002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 21:36 - 2013-07-31 21:36 - 00029628 _____ C:\ComboFix.txt 2013-07-31 21:36 - 2013-07-31 11:08 - 00000000 ____D C:\Qoobox 2013-07-31 21:35 - 2013-07-31 11:07 - 00000000 ____D C:\Windows\erdnt 2013-07-31 21:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-31 21:08 - 2013-04-18 08:35 - 00000000 ____D C:\Users\1487204\Desktop\Launcher 2013-07-31 19:03 - 2013-04-17 16:07 - 00000000 ____D C:\Users\1487204\Tracing 2013-07-31 11:06 - 2013-07-31 11:06 - 05098210 ____R (Swearware) C:\Users\1487204\Downloads\ComboFix.exe 2013-07-31 10:07 - 2013-07-31 10:06 - 00000000 ____D C:\Users\1487204\AppData\Local\{C4AC80F0-7672-403B-A028-8D3BAE65F94E} 2013-07-31 00:27 - 2013-07-30 22:03 - 00000000 ____D 
C:\Users\1487204\Desktop\laptop saubermachen 2013-07-30 22:04 - 2013-07-30 22:04 - 01781589 _____ (Farbar) C:\Users\1487204\Downloads\FRST64.exe 2013-07-30 22:04 - 2013-07-30 22:04 - 00000000 ____D C:\FRST 2013-07-30 07:30 - 2013-07-30 07:29 - 00000000 ____D C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} 2013-07-29 07:41 - 2013-07-29 07:41 - 00000000 ____D C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} 2013-07-28 15:20 - 2013-07-28 15:20 - 00000000 ____D C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} 2013-07-28 15:19 - 2013-07-28 15:19 - 00297440 _____ C:\Windows\Minidump\072813-22776-01.dmp 2013-07-28 15:19 - 2012-08-23 13:23 - 00000000 ____D C:\Windows\Minidump 2013-07-28 15:18 - 2013-07-28 15:18 - 651285183 _____ C:\Windows\MEMORY.DMP 2013-07-27 21:01 - 2013-07-27 21:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} 2013-07-27 07:27 - 2013-07-27 07:27 - 00000000 ____D C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} 2013-07-26 14:20 - 2013-07-26 14:20 - 00000570 _____ C:\Users\Public\Desktop\Cube World.lnk 2013-07-26 14:20 - 2013-07-26 14:20 - 00000000 ____D C:\ProgramData\Picroma 2013-07-26 14:19 - 2013-07-26 14:19 - 01620442 _____ (Picroma ) C:\Users\1487204\Downloads\CubeSetup3.exe 2013-07-26 12:55 - 2013-07-26 12:55 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo (1).zip 2013-07-26 12:52 - 2013-07-26 12:52 - 00292184 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\dxwebsetup.exe 2013-07-26 12:52 - 2011-12-19 15:46 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-07-26 12:50 - 2013-07-26 12:49 - 03216358 _____ C:\Users\1487204\Downloads\CubeDemo.zip 2013-07-26 12:44 - 2013-04-26 19:42 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-07-26 12:43 - 2013-05-02 21:21 - 00000000 ____D C:\AeriaGames 2013-07-26 12:42 - 2013-07-25 22:17 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-25 23:11 - 2013-07-25 23:11 
- 00000000 ____D C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} 2013-07-25 23:06 - 2011-11-23 02:56 - 00002778 _____ C:\Windows\system32\AutoRunFilter.ini 2013-07-25 22:22 - 2013-07-25 22:22 - 00000000 ____D C:\Users\1487204\AppData\Local\Aeria Games 2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\Aeria Games 2013-07-25 22:17 - 2013-07-25 22:17 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment 2013-07-25 20:55 - 2013-07-25 20:55 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader (1).exe 2013-07-25 20:24 - 2013-07-25 20:24 - 00489056 _____ (Aeria Games & Entertainment) C:\Users\1487204\Downloads\edeneternal_de_downloader.exe 2013-07-25 17:08 - 2013-02-21 21:38 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Spotify 2013-07-25 15:03 - 2013-02-21 21:39 - 00000000 ____D C:\Users\1487204\AppData\Local\Spotify 2013-07-21 08:53 - 2013-02-11 16:00 - 00000000 ____D C:\Users\1487204\AppData\Roaming\.minecraft 2013-07-19 22:42 - 2013-07-19 22:42 - 00000000 ____D C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} 2013-07-19 15:45 - 2013-07-19 15:45 - 01270003 _____ C:\Users\1487204\Downloads\PSX2PSP_v1.4.2.zip 2013-07-19 14:42 - 2013-07-19 14:41 - 05292568 _____ C:\Users\1487204\Downloads\popsloader-v4e.zip 2013-07-19 14:25 - 2013-07-19 14:17 - 38985728 _____ C:\Users\1487204\Downloads\popsloader 6.xx PRO_iamafreak - 6.60_support.zip 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\StarApp 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\InstallMate 2013-07-19 13:57 - 2013-07-19 13:57 - 05260600 _____ C:\Users\1487204\Downloads\popsloader (1).zip 2013-07-19 13:29 - 2013-07-19 13:29 - 00247765 _____ C:\Users\1487204\Downloads\XMBCTrl.zip 2013-07-19 13:12 - 2013-07-19 13:11 - 05260600 _____ C:\Users\1487204\Downloads\popsloader.zip 2013-07-19 12:43 - 2013-07-19 12:43 - 00013426 _____ 
C:\Users\1487204\Downloads\12645_DA_POPSloaderPlugin_300311.zip 2013-07-19 12:35 - 2013-07-19 12:35 - 02040534 _____ C:\Users\1487204\Downloads\icetea1.3_win.zip 2013-07-19 12:32 - 2013-07-19 12:32 - 00000000 ____D C:\Users\1487204\AppData\Roaming\ImgBurn 2013-07-19 12:26 - 2013-07-19 12:26 - 00002510 _____ C:\Windows\System32\Tasks\spmonitor 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Uniblue 2013-07-19 12:26 - 2013-07-19 12:26 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-07-19 12:25 - 2013-07-19 12:25 - 00001831 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-07-19 12:25 - 2013-07-19 12:25 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2013-07-19 12:25 - 2013-07-19 12:24 - 03469871 _____ (LIGHTNING UK!) C:\Users\1487204\Downloads\SetupImgBurn_2.5.8.0.exe 2013-07-18 20:03 - 2011-02-19 06:24 - 00698164 _____ C:\Windows\system32\perfh007.dat 2013-07-18 20:03 - 2011-02-19 06:24 - 00151632 _____ C:\Windows\system32\perfc007.dat 2013-07-18 20:03 - 2009-07-14 07:13 - 01644368 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-17 16:40 - 2013-07-17 15:53 - 746127808 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part2.rar 2013-07-17 15:52 - 2013-07-17 14:55 - 1048576000 _____ C:\Users\1487204\Downloads\Digimon_Adventure_JPN_PSN_PSP-DWSFD.ffinsider.part1.rar 2013-07-17 12:27 - 2013-07-17 12:27 - 00000196 _____ C:\Users\1487204\Downloads\4d4c9115-f044-4595-9056-93b1fd94fb6e.htm 2013-07-16 14:08 - 2011-12-09 21:36 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 14:08 - 2011-12-09 21:36 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 07:44 - 2013-07-15 07:44 - 00000000 ____D C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} 2013-07-15 07:42 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-14 08:07 - 2013-07-14 07:48 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 11:17 - 
2013-07-13 11:17 - 00000000 ____D C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} 2013-07-13 11:02 - 2013-07-13 11:02 - 00000000 ____D C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} 2013-07-13 08:07 - 2013-07-13 08:07 - 00675988 _____ C:\Users\1487204\Downloads\Minecraft.exe 2013-07-13 08:06 - 2013-03-13 16:48 - 00000000 ____D C:\Users\1487204\Desktop\Minecraft 2013-07-12 22:52 - 2013-07-12 22:52 - 00000000 ____D C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} 2013-07-12 21:11 - 2013-07-12 21:11 - 00000000 ____D C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} 2013-07-12 21:11 - 2011-11-23 02:56 - 00001498 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-12 21:09 - 2013-07-03 13:15 - 00299872 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 21:07 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 21:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 14:29 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 14:11 - 2013-03-14 08:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 20:37 - 2013-07-10 20:37 - 00004589 _____ C:\Users\1487204\Documents\Stickman.piv 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SSync 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\SCheck 2013-07-10 20:06 - 2013-07-10 20:06 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Intermediate 2013-07-10 20:06 - 2011-12-09 21:36 - 00000000 ____D C:\Users\1487204\AppData\Local\Google 2013-07-10 20:05 - 2011-04-13 04:33 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-10 20:03 - 2013-07-10 20:03 - 00000000 ____D 
C:\Users\1487204\AppData\Roaming\PiccShare 2013-07-10 20:02 - 2013-07-10 20:01 - 00000000 ____D C:\Program Files (x86)\Pivot Stickfigure Animator 2013-07-10 20:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-10 07:01 - 2013-07-10 07:01 - 00000000 ____D C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} 2013-07-09 14:38 - 2013-07-09 14:38 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-09 14:38 - 2011-04-13 04:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-09 14:26 - 2013-07-09 14:22 - 39074536 _____ (Microsoft Corporation) C:\Users\1487204\Downloads\FileFormatConverters.exe 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Downloads\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-09 14:21 - 2013-07-09 14:21 - 00013716 _____ C:\Users\1487204\Desktop\Trainingsplan Juli + Hausaufgaben.xlsx 2013-07-07 11:51 - 2013-07-07 11:51 - 00000000 ____D C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} 2013-07-07 08:48 - 2013-01-23 17:05 - 00000000 ____D C:\Users\1487204\AppData\Local\CRE 2013-07-07 08:47 - 2013-07-07 08:47 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3 (1).exe 2013-07-06 21:00 - 2013-07-06 21:00 - 01094056 _____ (Conduit) C:\Users\1487204\Downloads\FileConverter_1.3.exe 2013-07-06 13:51 - 2013-07-06 13:50 - 00000000 ____D C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\Users\1487204\AppData\Roaming\Malwarebytes 2013-07-06 13:40 - 2013-07-06 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 13:39 - 2013-07-06 13:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1487204\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-06 13:29 - 2013-07-03 14:07 - 00001679 _____ C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-07-06 13:29 - 2013-03-16 10:09 - 00001661 _____ 
C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-04 20:12 - 2013-03-13 16:49 - 00000000 ____D C:\Users\1487204\Desktop\Sonstiges 2013-07-04 17:16 - 2011-12-31 16:10 - 00000000 ____D C:\Users\1487204\AppData\Local\Paint.NET 2013-07-03 14:24 - 2013-07-03 14:12 - 00015409 _____ C:\Windows\IE10_main.log 2013-07-03 14:05 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2013-07-03 14:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-03 13:15 - 2013-07-03 13:15 - 00000000 _____ C:\Windows\setuperr.log 2013-07-03 12:06 - 2013-07-03 12:06 - 00065312 _____ C:\Users\1487204\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-03 11:54 - 2013-07-03 11:54 - 00495120 _____ C:\Users\1487204\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe 2013-07-03 11:54 - 2013-07-03 11:54 - 00186028 _____ C:\Users\1487204\Downloads\Todays_PSN_Codes_Database_-20.rar 2013-07-03 11:52 - 2011-01-07 15:39 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-07-03 11:52 - 2011-01-07 15:39 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-07-03 11:50 - 2013-07-03 11:50 - 00495128 _____ C:\Users\1487204\Downloads\beatCelebPlayer_RocketFuelInstaller.exe 2013-07-03 11:48 - 2013-07-03 11:48 - 01588224 _____ C:\Users\1487204\Downloads\PSN Code Generator v2 [Giftcardsbay.com] .exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is 
legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-09-27 23:02 ==================== End Of Log ============================ --- --- --- --- --- --- Edited by stevoboot (01.08.2013 at 21:08) |
02.08.2013, 10:58 | #12 |
/// the machine /// TB-Ausbilder | Invalid Image - Win7 Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKU\Gast\...\Winlogon: [Shell] explorer.exe <==== ATTENTION Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com %SystemRoot%\system32\*.tsp %SystemRoot%\system32\*.tsp /64 C:\Windows\system32\*.dll /600 C:\Windows\SysNative\*.dll /600 C:\Windows\SysWOW64\*.dll /600
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.08.2013, 11:40 | #13 |
| Invalid Image - Win7 Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03 Ran by 1487204 at 2013-08-02 12:16:19 Run:1 Running from C:\Users\1487204\Downloads Boot Mode: Normal ============================================== HKU\Gast\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. ==== End of Fixlog ==== Code:
ATTFilter OTL logfile created on: 02.08.2013 12:25:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1487204\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,16 Gb Total Physical Memory | 5,27 Gb Available Physical Memory | 73,56% Memory free 14,32 Gb Paging File | 12,15 Gb Available in Paging File | 84,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 300,41 Gb Total Space | 183,00 Gb Free Space | 60,92% Space Free | Partition Type: NTFS Drive D: | 373,22 Gb Total Space | 371,58 Gb Free Space | 99,56% Space Free | Partition Type: NTFS Computer Name: STEVOS-PC | User Name: 1487204 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.08.02 12:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1487204\Desktop\OTL.exe PRC - [2013.07.12 14:45:26 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2013.03.22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2013.03.22 04:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2012.11.22 19:44:00 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2011.11.23 02:58:00 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.05.20 21:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe PRC - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.15 20:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2011.04.28 12:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) 
========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.30 01:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV - [2013.04.24 03:42:48 | 002,556,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2013.03.22 04:51:02 | 002,926,672 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files 
(x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2012.12.11 22:40:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.05 09:03:02 | 003,969,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011.12.10 14:01:37 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2011.04.28 16:04:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.28 12:44:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.02.01 23:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 23:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 14:16:28 | 
000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.09 10:33:03 | 000,065,368 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.06.09 10:32:57 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.06.09 10:32:26 | 000,130,392 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.06.09 10:32:26 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.06.02 12:44:30 | 000,107,128 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.05.17 20:45:40 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.05.01 21:01:47 | 000,031,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mousim.sys -- (mousim) DRV:64bit: - [2013.05.01 21:01:47 | 000,031,872 | ---- | M] () [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\kbdsim.sys -- (kbdsim) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.10.11 05:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2012.10.11 05:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.05.11 07:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.28 12:44:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 21:21:16 | 001,594,368 | ---- | 
M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.31 12:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.11.30 01:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.12 16:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.11.11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.02.19 10:46:02 | 000,063,808 | ---- | M] (CASIO COMPUTER CO.,LTD.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CESG64.sys -- (PVUSB) DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009.05.12 16:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}: "URL" = 
hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=aolde-ie&s_qt=sb&tb_uuid=B5F34C4E3C6F402C9E30EAEC6AF75503&tb_oid=09-05-2013&tb_mrud=09-05-2013 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472F-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\FantastiGames\npExentCtl.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: File not found FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\1487204\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\1487204\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M] [2013.07.03 11:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1487204\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- C:\Users\1487204\AppData\Roaming\mozilla\firefox\profiles\extensions\m2k@m2kdownloader.com.xpi [2013.05.08 17:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2013.07.31 21:34:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) 
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\1487204\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Intermediate] C:\Users\1487204\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [SCheck] C:\Users\1487204\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [SSync] C:\Users\1487204\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\nsp9pfbl.dll () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 
(Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {21CEC2FC-24FA-4EEB-A043-3CC248060880} hxxp://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab (DigitalicLauncher Control) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F107F8C-5F5D-4B67-A4A0-7E80AAE19F12}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94810BE8-B6C3-4809-A475-B15C6BF73D72}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFF9450A-0C02-4A04-89E4-006CEB41A5D0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\gcf - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found 
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.95\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) 
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.02 12:18:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\1487204\Desktop\OTL.exe [2013.08.02 12:18:20 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\1487204\Desktop\TFC.exe [2013.08.01 13:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.08.01 10:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2013.08.01 10:08:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.08.01 10:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.31 21:39:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.31 21:36:46 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.07.31 11:08:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.07.31 11:08:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.07.31 11:08:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.07.31 11:08:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.07.31 11:07:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.07.31 10:06:33 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{C4AC80F0-7672-403B-A028-8D3BAE65F94E} [2013.07.30 22:04:48 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.30 22:03:32 | 000,000,000 | ---D | C] -- C:\Users\1487204\Desktop\laptop saubermachen [2013.07.30 07:29:53 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{A9CDB25B-5BEA-4A73-A878-41F560F7B030} [2013.07.29 07:41:00 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{4BA6CBC4-2AE8-4F82-8CD6-C3EE45364D6A} [2013.07.28 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{34767BF2-D97D-4502-8DF1-DD39EC08A2B8} [2013.07.27 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{807E84CB-D3AC-4271-977C-8A0D3FFB7C68} [2013.07.27 07:27:13 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{3AB7F902-B7B9-478A-81E9-00670B032E64} [2013.07.26 14:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Picroma [2013.07.26 14:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World [2013.07.25 23:11:08 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{A2FA6DAD-F4CF-44C2-A390-F5FD6691C685} [2013.07.25 22:22:14 | 000,000,000 | ---D | C] -- 
C:\Users\1487204\AppData\Local\Aeria Games [2013.07.25 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games [2013.07.25 22:17:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2013.07.25 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment [2013.07.19 22:42:33 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{39F4A88F-2D8D-4192-A776-5725857F2021} [2013.07.19 14:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013.07.19 14:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.07.19 12:32:34 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\ImgBurn [2013.07.19 12:26:34 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\Uniblue [2013.07.19 12:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2013.07.19 12:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2013.07.19 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2013.07.15 07:44:07 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{54988270-985A-4C08-A1E2-3970B14ACA70} [2013.07.14 07:48:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.13 11:17:25 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{4C27CA99-76B2-408D-8950-DAC855DEBD1E} [2013.07.13 11:02:48 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{49107F91-4B47-4263-9EA5-51B40C878760} [2013.07.12 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{A22B4154-B20A-4811-8036-5DCF4B24262B} [2013.07.12 21:11:42 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{6C055D5F-EB8C-4ED1-B78B-5A1856594FAE} [2013.07.10 20:06:06 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\SSync [2013.07.10 20:06:06 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\Intermediate [2013.07.10 20:06:05 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\SCheck 
[2013.07.10 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\PiccShare [2013.07.10 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\Common [2013.07.10 20:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Stickfigure Animator [2013.07.10 20:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator [2013.07.10 07:01:12 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{C929E05D-3774-48AE-9998-C5998334D76F} [2013.07.09 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2013.07.07 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{F4353331-D22F-4CA8-96D0-EBB02B158F0C} [2013.07.06 13:50:56 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Local\{84ECADAB-8C61-46CF-A835-D76BA66B795B} [2013.07.06 13:40:16 | 000,000,000 | ---D | C] -- C:\Users\1487204\AppData\Roaming\Malwarebytes [2013.07.06 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2013.08.02 12:29:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.02 12:29:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.02 12:21:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.02 12:21:57 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\spmonitor.job [2013.08.02 12:21:56 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.08.02 12:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.02 12:21:42 | 1473,486,847 | -HS- | M] () -- C:\hiberfil.sys [2013.08.02 12:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\1487204\Desktop\OTL.exe [2013.08.02 12:18:17 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\1487204\Desktop\TFC.exe 
[2013.08.02 12:13:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.01 10:28:06 | 000,001,106 | ---- | M] () -- C:\Users\1487204\Desktop\Internet Explorer.lnk [2013.08.01 07:15:33 | 000,002,389 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.31 21:34:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.07.28 15:18:57 | 651,285,183 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.07.26 14:20:29 | 000,000,570 | ---- | M] () -- C:\Users\Public\Desktop\Cube World.lnk [2013.07.25 23:06:18 | 000,002,778 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.07.19 12:25:44 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2013.07.18 20:03:08 | 001,644,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.18 20:03:08 | 000,698,164 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.18 20:03:08 | 000,663,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.18 20:03:08 | 000,151,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.18 20:03:08 | 000,125,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.12 21:11:12 | 000,001,498 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.07.12 21:09:33 | 000,299,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.10 20:37:18 | 000,004,589 | ---- | M] () -- C:\Users\1487204\Documents\Stickman.piv ========== Files Created - No Company Name ========== [2013.07.31 11:08:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.07.31 11:08:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.07.31 11:08:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.07.31 11:08:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.07.31 11:08:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.07.28 15:18:57 | 651,285,183 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.07.26 14:20:29 | 000,000,570 | ---- | C] () -- 
C:\Users\Public\Desktop\Cube World.lnk [2013.07.19 12:26:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\spmonitor.job [2013.07.19 12:25:44 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2013.07.19 12:25:44 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2013.07.10 20:37:18 | 000,004,589 | ---- | C] () -- C:\Users\1487204\Documents\Stickman.piv [2013.07.03 14:07:09 | 000,001,679 | ---- | C] () -- C:\Users\1487204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.07.03 13:15:33 | 000,299,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.25 16:21:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.01.04 19:21:17 | 1687,609,906 | ---- | C] () -- C:\Program Files (x86)\DF8E4D23DBF275885781A2FFEEBC2287.kms [2013.01.04 19:21:11 | 001,681,513 | ---- | C] () -- C:\Program Files (x86)\DF8E4D23DBF275885781A2FFEEBC2287.kmt [2012.06.12 12:44:58 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.08 11:39:30 | 001,979,143 | ---- | C] () -- C:\Windows\SysWow64\D-PlayerInstall_210.exe [2012.01.29 21:30:17 | 000,007,609 | ---- | C] () -- C:\Users\1487204\AppData\Local\Resmon.ResmonCfg [2012.01.25 17:59:37 | 001,611,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.12 23:32:16 | 000,007,168 | ---- | C] () -- C:\Users\1487204\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.11 14:47:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsp9pfbl.dll [2011.12.10 13:46:41 | 001,074,893 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.12.09 20:10:49 | 
000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.08.01 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\.minecraft [2013.04.10 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\.technic [2013.07.25 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Aeria Games & Entertainment [2012.08.19 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Alawar Entertainment [2013.04.28 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\amazon [2012.08.29 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Arkadium [2011.12.09 07:42:07 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\ASUS WebStorage [2013.08.01 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Common [2012.03.02 16:07:24 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\DVDVideoSoft [2013.06.29 14:09:55 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\GetRightToGo [2013.07.19 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\ImgBurn [2013.07.10 20:06:06 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Intermediate [2012.01.18 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\LG Electronics [2012.06.03 11:53:51 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\LolClient2 [2011.12.11 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Nuance [2013.07.10 20:03:20 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\PiccShare [2012.08.03 16:18:51 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\PlayFirst [2013.07.10 20:06:05 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\SCheck [2013.06.09 09:18:36 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Solveig Multimedia [2013.07.25 17:08:32 | 000,000,000 | ---D | M] 
-- C:\Users\1487204\AppData\Roaming\Spotify [2013.07.10 20:06:06 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\SSync [2013.04.28 17:42:56 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Systweak [2013.01.14 21:10:20 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\TS3Client [2013.07.19 12:26:34 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Uniblue [2012.03.25 18:13:30 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Unity [2012.03.12 22:12:19 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\VBA-M [2011.12.11 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\1487204\AppData\Roaming\Zeon ========== Purity Check ========== ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) 
"NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{8DEDB25B-B9C3-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{8DEDB25B-B9C3-4369 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:48 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) 
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\pouau9wjp.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll "ServiceMain" = SetAccessPolicy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary 
data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:56 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data] "Update-Service" = Update-Service [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:56 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data] "Update-Service" = Update-Service [binary data] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < %SystemRoot%\system32\*.tsp /64 > [2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp [2012.01.11 14:47:58 | 001,417,728 | ---- | M] (IntTele) -- C:\Windows\SysNative\intttav7x.tsp [2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp [2010.11.20 15:24:26 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp < C:\Windows\system32\*.dll /600 > [2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:14 
| 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\apisetschema.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2013.05.13 06:45:55 | 001,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll [2013.05.13 06:45:55 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll 
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2012.07.17 16:59:04 | 001,132,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3dx9_32.dll [2013.08.02 12:09:37 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll [2013.02.25 14:59:41 | 000,011,240 | ---- | M] (G Data Software AG) -- C:\Windows\system32\GdScrSv.de.dll [2012.01.19 08:23:58 | 000,339,320 | ---- | M] (Hide My IP) -- C:\Windows\system32\HMIPCore.dll [2013.05.29 03:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.05.29 03:33:39 | 001,796,096 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\iertutil.dll [2013.05.29 03:29:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | M] () -- C:\Windows\system32\ig4icd32.dll [2012.03.19 23:11:38 | 007,795,200 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igd10umd32.dll [2012.03.19 23:25:58 | 000,058,880 | ---- | M] () -- C:\Windows\system32\igdde32.dll [2012.03.19 23:26:56 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdumd32.dll [2012.03.19 22:09:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmjit32.dll [2012.03.19 22:09:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmrt32.dll [2012.03.19 22:11:22 | 000,325,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxdv32.dll [2012.03.19 22:12:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxexps32.dll [2012.03.19 22:09:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhcp32.dll [2012.03.19 22:09:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhsip32.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2013.05.29 03:35:56 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.05.29 03:50:14 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.05.29 03:38:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2013.05.29 03:35:00 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll 
[2013.05.29 03:56:15 | 012,333,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.05.29 03:33:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll [2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2013.07.03 11:52:25 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp100.dll [2013.07.03 11:52:25 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll [2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.21 09:34:58 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml4a.dll [2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll [2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll [2013.08.02 12:09:37 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npdeployJava1.dll [2012.06.14 20:24:17 | 000,000,000 | ---- | M] () -- C:\Windows\system32\nsp9pfbl.dll 
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll [2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll [2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll [2013.05.29 03:40:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.05.29 03:41:30 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll [2013.05.29 03:36:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\vbscript.dll [2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.08.02 12:09:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll [2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll [2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll [2013.05.29 03:41:08 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll [2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2013.05.06 06:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll [2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.09 21:36:27 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.12.09 21:36:29 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.01.09 16:55:39 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001Core.job [2012.01.09 16:55:41 | 000,001,146 | ---- | C] () 
-- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855986137-2966401962-2417362070-1001UA.job [2012.06.12 12:46:06 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.07.19 12:26:47 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\spmonitor.job < C:\Windows\SysNative\*.dll /600 > [2013.02.15 08:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 
07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 22:35:18 | 000,010,752 
| -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 22:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 22:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 22:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 22:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 22:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 22:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 22:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appinfo.dll [2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.02.27 07:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll [2012.06.06 08:02:54 | 001,133,568 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.05.13 07:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.05.10 07:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.05.13 07:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll [2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.01.13 21:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.13 21:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.01.13 21:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.01.13 21:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.01.13 21:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.13 21:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.01.13 21:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.04.01 00:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2012.01.30 18:23:01 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\deployJava1.dll [2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.04.03 00:51:57 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.01.13 21:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.01.13 21:58:28 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2012.03.19 22:17:14 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll [2012.03.19 22:17:22 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll [2013.05.29 07:50:31 | 010,926,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2013.05.29 07:27:50 | 002,147,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2013.05.29 07:18:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.03.19 22:31:14 | 018,137,088 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll [2012.03.19 23:22:10 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll [2012.03.19 23:31:14 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll [2012.03.19 23:31:56 | 008,087,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll [2012.03.19 22:09:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll [2012.03.19 22:09:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll [2012.03.19 23:42:08 | 000,090,112 | ---- | M] (Intel Corporation) -- 
C:\Windows\SysNative\igfxCoIn_v2696.dll [2012.03.19 22:17:14 | 000,434,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll [2012.03.19 22:17:14 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012.03.19 22:16:38 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll [2012.03.19 22:17:56 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll [2012.03.19 22:18:06 | 000,386,560 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll [2012.03.19 22:16:36 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll [2012.03.19 22:17:46 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll [2012.03.19 22:18:04 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll [2012.03.19 22:09:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll [2012.03.19 22:09:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll [2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll [2013.05.29 07:29:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.29 07:43:16 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.29 07:31:32 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll [2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\localspl.dll [2012.09.20 17:02:06 | 001,832,760 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL [2013.05.29 07:27:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.29 08:15:56 | 017,829,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2013.05.29 07:25:46 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.01.04 08:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.15 08:06:11 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll [2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll [2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll [2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.11.30 07:43:12 | 000,016,384 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll [2012.05.04 13:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.06.04 08:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll [2013.02.27 07:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll [2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.02.15 08:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.11.09 07:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll [2013.01.13 21:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.05.29 07:33:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.29 07:36:04 | 001,346,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.05.29 07:29:02 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.07.26 04:36:08 
| 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.04.26 07:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.04.17 08:24:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.13 21:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.05.29 07:35:44 | 001,392,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll [2013.01.13 20:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.05.06 08:03:49 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2012.11.30 07:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\WUDFPlatform.dll [2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll [2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.03.19 07:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.03.19 07:53:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll [2013.01.13 20:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.01.13 19:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll < C:\Windows\SysWOW64\*.dll /600 > [2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apisetschema.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll [2013.02.27 06:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authui.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll [2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\certenc.dll [2013.05.13 06:45:55 | 001,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll [2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptdlg.dll [2013.05.13 06:45:55 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll [2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll [2013.01.13 21:37:57 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll [2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll [2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll [2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll [2013.01.13 22:22:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll [2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll 
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll [2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll [2012.07.17 16:59:04 | 001,132,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx9_32.dll [2013.08.02 12:09:37 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll [2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll [2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll [2013.02.25 14:59:41 | 000,011,240 | ---- | M] (G Data Software AG) -- C:\Windows\SysWOW64\GdScrSv.de.dll [2012.01.19 08:23:58 | 000,339,320 | ---- | M] (Hide My IP) -- C:\Windows\SysWOW64\HMIPCore.dll [2013.05.29 03:48:09 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll [2013.05.29 03:33:39 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll [2013.05.29 03:29:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | M] () -- C:\Windows\SysWOW64\ig4icd32.dll [2012.03.19 23:11:38 | 007,795,200 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igd10umd32.dll [2012.03.19 23:25:58 | 000,058,880 | ---- | M] () -- C:\Windows\SysWOW64\igdde32.dll [2012.03.19 23:26:56 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumd32.dll [2012.03.19 22:09:08 | 002,321,408 | ---- 
| M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxcmjit32.dll [2012.03.19 22:09:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxcmrt32.dll [2012.03.19 22:11:22 | 000,325,120 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxdv32.dll [2012.03.19 22:12:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxexps32.dll [2012.03.19 22:09:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\iglhcp32.dll [2012.03.19 22:09:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\iglhsip32.dll [2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll [2013.05.29 03:35:56 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll [2013.05.29 03:50:14 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll [2013.05.29 03:38:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll [2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll [2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll [2013.05.29 03:35:00 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll [2013.05.29 03:56:15 | 012,333,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll [2013.05.29 03:33:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll [2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll [2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll [2013.07.03 11:52:25 | 
000,420,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp100.dll [2013.07.03 11:52:25 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr100.dll [2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll [2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll [2012.11.21 09:34:58 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml4a.dll [2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll [2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll [2012.01.13 09:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll [2013.08.02 12:09:37 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npdeployJava1.dll [2012.06.14 20:24:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\nsp9pfbl.dll [2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll [2012.05.04 11:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll [2013.06.04 06:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qedit.dll [2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll [2012.06.02 06:40:39 | 
000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll [2013.02.27 06:55:04 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll [2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll [2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll [2013.05.29 03:40:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll [2013.05.29 03:41:30 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll [2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll [2013.05.29 03:36:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll [2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll [2013.08.02 12:09:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll [2013.04.17 09:02:06 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll [2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll [2013.05.29 03:41:08 | 001,129,472 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2013.01.13 21:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2013.05.06 06:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVDECOD.DLL
[2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll

========== Files - Unicode (All) ==========
[2013.05.01 20:48:30 | 000,000,000 | ---D | M](C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ
[2013.05.01 20:48:30 | 000,000,000 | ---D | M](C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ
[2011.04.13 04:42:56 | 000,000,020 | ---- | M] ()(C:\Windows\Xu?) -- C:\Windows\Xú—
[2011.04.13 04:42:56 | 000,000,020 | ---- | C] ()(C:\Windows\Xu?) -- C:\Windows\Xú—
(C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ

========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3AE22B1A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5D458568
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:029E021F

< End of report > |
02.08.2013, 11:42 | #14 |
| Bad Image - Win7 Extra.txt : Code:
OTL Extras logfile created on: 02.08.2013 12:25:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\1487204\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,16 Gb Total Physical Memory | 5,27 Gb Available Physical Memory | 73,56% Memory free
14,32 Gb Paging File | 12,15 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,41 Gb Total Space | 183,00 Gb Free Space | 60,92% Space Free | Partition Type: NTFS
Drive D: | 373,22 Gb Total Space | 371,58 Gb Free Space | 99,56% Space Free | Partition Type: NTFS

Computer Name: STEVOS-PC | User Name: 1487204 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A2F8C9A-3535-485B-BDC5-D19C4A68656D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32852266-8FDB-4C25-B0E3-DB3BB99FCF40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{343D71E0-A5C9-447D-A697-452E1FF4A457}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43C88CC2-9010-406D-B98A-64E9D23FD999}" = rport=2177 |
protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5A3FABB3-85CE-4EA3-BC7C-8A88C19EF049}" = rport=137 | protocol=17 | dir=out | app=system | "{5BB90BEF-8CB2-4E33-AA3C-324963EF52D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{67FB7873-20B7-46C0-BC16-574809543D7B}" = rport=138 | protocol=17 | dir=out | app=system | "{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{712EDDAB-BB08-46F2-85A7-A9D965E0B0F2}" = rport=139 | protocol=6 | dir=out | app=system | "{86B66E27-D967-4D17-B6E1-17076FCE7D52}" = lport=10243 | protocol=6 | dir=in | app=system | "{896ED598-CCDC-4C66-8716-FE067B038722}" = rport=10243 | protocol=6 | dir=out | app=system | "{8E9C5D4C-A564-44B0-9630-AD4AB5AC484C}" = lport=139 | protocol=6 | dir=in | app=system | "{93BC780A-495E-489E-82EE-3CD74C6BC472}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96D22919-375E-45F0-AF08-C4128D700897}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9F06115E-A50B-4602-9B47-782B7E802430}" = lport=137 | protocol=17 | dir=in | app=system | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AE1CE75A-B2D3-4828-90E5-F82067CDC84A}" = lport=2869 | protocol=6 | dir=in | app=system | "{B73E8598-7F0E-488A-8199-425589994AEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BD82E326-65E9-4E34-A7C5-7616846967E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4758D62-1FAA-4B81-80E6-CF5FDB5A2C4F}" = lport=138 
| protocol=17 | dir=in | app=system | "{D672AC88-3D82-4BF2-BC6A-7BEA8911E8CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3AD0D69-EF7C-4A4B-9C9E-7F454D95D994}" = lport=445 | protocol=6 | dir=in | app=system | "{F05C0313-BFE0-4570-A140-2EFC059C7C0A}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04922DB8-FCB2-46F6-A759-75DDE96F77B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0D18260B-02B1-4492-B2E5-9B338DE0D51C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{160457D5-00B0-45DD-964D-F61FF1B70459}" = dir=in | app=c:\users\1487204\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2AE1DD3C-098C-4190-87AB-09AD97092ED1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2C7D097B-36C0-4B9E-BDB4-F1BB3ECCDDA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{309D482B-87D9-45F5-8690-6E12E5494CBC}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{365BD977-0C76-46B4-B4D5-4A7EB8D76C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A6821B6-ECC6-4B04-967D-3E5BABA11E32}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{3E461959-080F-492C-8AB1-E79C10BBD700}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{45848ACA-58E9-433D-B7BD-49DA0CADD14A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{46889A81-12DD-4375-804B-81FD169B78FE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4D3A3C21-CA0F-4AE6-A466-76D27AE7D548}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{567A5A09-8A23-4AFC-A56E-5BFCB4B57570}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{57926A86-8C62-4334-ABE0-42C5F5D9450A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{669498BE-509D-4299-B0C4-BA57D525D9CA}" = protocol=6 | dir=out | app=system | "{8E4F5CD5-CF51-46FF-9638-6629D0B5E51E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9E5F26F2-BCB2-43F3-825D-A6905BD0BFC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A29C0B46-77E3-404E-901E-4B40FCFADA32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2AC3F8D-FA3F-4C2A-88A3-CFD319DE6ECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B84CEC57-E9D2-4FCD-B043-FF60F4A8675F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BAA49983-0D56-4931-94A5-483E8778E782}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C44636D5-CCD3-4C83-A553-10410FEBE957}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCB8EFB3-62AF-4DCF-971A-B3872DC0F188}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DBAD182F-EE89-41AB-BF16-2AED44A5296E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2207504-9EC2-43E7-B4C5-E15426A639C4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E3D9987C-311B-40E1-B25B-9ADC25E2DFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E97A2BDC-4313-43D8-9718-981818ECD578}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F95FA26B-5D56-4CFF-8671-3BDA323EE7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FB604539-74A8-491F-A079-7061EDC3852B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FEB68101-150A-40FD-BB6A-03F9012230CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid "{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" 
= Paint.NET v3.5.10 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.39 
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "81AE60DDD229A248055515E311406D86F7E4012A" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "CCleaner" = CCleaner "Elantech" = 
ETDWare PS/2-X64 8.0.5.1_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014 "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}" = Wireless Console 3 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86753310-A165-3BF3-8BDB-50F238DCC720}" = Google Chrome Frame "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard 
Edition 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader 
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1 "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer 
Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe 
Flash Player 11 Plugin "ASUS WebStorage" = ASUS WebStorage "ASUS_Screensaver" = ASUS_Screensaver "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "DigimonMasters" = DigimonMasters Online "D-PlayerSetup" = 디지탈릭 게임런처 "ESET Online Scanner" = ESET Online Scanner v3 "exent_529250" = Azteca "exent_683150" = Time Riddles: The Mansion "exent_748750" = My Farm Life 2 "Farm Frenzy 3" = Farm Frenzy 3 "Google Chrome" = Google Chrome "ImgBurn" = ImgBurn "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.7 "ShotOnline" = ShotOnline "WinImage" = WinImage "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Spotify" = Spotify "WinImage" = WinImage ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.07.2013 01:40:58 | Computer Name = Stevos-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 840 Startzeit: 01ce8c1e081211dc Endzeit: 10 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 6894d744-f811-11e2-84e4-14dae9e8ec78 Error - 30.07.2013 01:51:35 | Computer Name = Stevos-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Name des fehlerhaften Moduls: Cube.exe, Version: 0.0.0.0, Zeitstempel: 0x51ea955e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006f443 ID des fehlerhaften Prozesses: 0x658 Startzeit der fehlerhaften Anwendung: 0x01ce8ce601921f85 Pfad der fehlerhaften Anwendung: D:\Cube World\Cube.exe Pfad des fehlerhaften Moduls: D:\Cube World\Cube.exe Berichtskennung: 17ad97ec-f8dc-11e2-bc9f-14dae9e8ec78 Error - 31.07.2013 15:27:26 | Computer Name = Stevos-PC | Source = VSS | ID = 18 Description = Error - 31.07.2013 15:27:26 | Computer Name = Stevos-PC | Source = VSS | ID = 8193 Description = Error - 31.07.2013 15:27:26 | Computer Name = Stevos-PC | Source = System Restore | ID = 8193 Description = Error - 01.08.2013 07:15:20 | Computer Name = Stevos-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts fur "C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine fur die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 01.08.2013 07:15:26 | Computer Name = Stevos-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts fur "C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine fur die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 01.08.2013 14:45:06 | Computer Name = Stevos-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts fur "C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine fur die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 01.08.2013 14:46:16 | Computer Name = Stevos-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts fur "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine fur die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 02.08.2013 06:15:38 | Computer Name = Stevos-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts fur "C:\Users\1487204\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine fur die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ Media Center Events ] Error - 30.05.2013 05:19:29 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 05:24:12 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 05:27:38 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 05:32:46 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 05:55:23 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 06:08:46 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538 Description = Error - 30.05.2013 06:10:33 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539 Description = Error - 30.05.2013 06:12:07 | Computer Name = Stevos-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538 Description = [ System Events ] Error - 02.08.2013 06:22:02 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler 
beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:05 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:07 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 Error - 02.08.2013 06:22:07 | Computer Name = Stevos-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%126 < End of report > |
02.08.2013, 22:54 | #15 |
/// the machine /// TB trainer | Invalid image - Win7 Please download LSPFix
Fix with OTL
Code:
:OTL
O4 - HKCU..\Run: [Intermediate] C:\Users\1487204\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKCU..\Run: [SCheck] C:\Users\1487204\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\1487204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SSync] C:\Users\1487204\AppData\Roaming\SSync\SSync.exe ()
[2012.01.11 14:47:58 | 001,417,728 | ---- | M] (IntTele) -- C:\Windows\SysNative\intttav7x.tsp
[2013.05.01 20:48:30 | 000,000,000 | ---D | M](C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ
[2013.05.01 20:48:30 | 000,000,000 | ---D | M](C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ
[2011.04.13 04:42:56 | 000,000,020 | ---- | M] ()(C:\Windows\Xu?) -- C:\Windows\Xú—
[2011.04.13 04:42:56 | 000,000,020 | ---- | C] ()(C:\Windows\Xu?) -- C:\Windows\Xú—
(C:\Users\1487204\AppData\Local\???__??????) -- C:\Users\1487204\AppData\Local\†††__††††ˆ
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3AE22B1A
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5D458568
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:029E021F

:files
C:\Users\1487204\AppData\Roaming\Intermediate
C:\Users\1487204\AppData\Roaming\SCheck
C:\Users\1487204\AppData\Roaming\Spotify
C:\Users\1487204\AppData\Roaming\SSync
C:\Windows\SysWOW64\nsp9pfbl.dll
C:\Windows\System32\pouau9wjp.dll

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

:Commands
[emptytemp]
A fresh OTL log with the same custom scan as before, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |