Pests of all kinds and how to fight them: C:\Windows\Installer\3ef28e.msi infected (Windows 7)
05.08.2013, 15:58 | #1 |
C:\Windows\Installer\3ef28e.msi infected
Hello, I recently scanned the computer with Malwarebytes and this was the result:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.05.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Ale x :: MICHI-PC [Administrator]
05.08.2013 16:43:05
mbam-log-2013-08-05 (16-43-05).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270740
Laufzeit: 9 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Windows\Installer\3ef28e.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\3ef294.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\3ef29a.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\3ef2a0.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
05.08.2013, 16:07 | #2 |
/// Malware-holic
C:\Windows\Installer\3ef28e.msi infected
Hi,
instructions for FRST will follow in a moment; please work through my additional note.
Recommendations for uninstalling
Please copy the list of installed programs from additions.txt here into your thread. After each line, please note which of the following categories applies: Unknown, Necessary, Unnecessary
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
05.08.2013, 16:58 | #3 |
C:\Windows\Installer\3ef28e.msi infected
OK, here
Code:
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Necessary
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Unknown
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Unknown
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Unknown
Age of Empires II: HD Edition (x32) Necessary
ANNO 1503 GOLD (x32 Version: 1.05.00) Necessary
Anno 1701 - Der Fluch des Drachen (x32 Version: 2.03) Necessary
Anno 1701 (x32 Version: 1.04) Necessary
ANNO 2070 (x32 Version: 1.0.0.0) Necessary
Back to the Future The Game (HKCU Version: 2.0.0.0) Necessary
Battle.net (x32) Unknown
Bejeweled 3 (x32 Version: 2.2.0.98) Unknown
Cake Mania (x32 Version: 2.2.0.98) Unknown
Chuzzle Deluxe (x32 Version: 2.2.0.95) Unknown
Command & Conquer 3 (x32 Version: 1.00.0000) Necessary
Cradle of Rome 2 (x32 Version: 2.2.0.98) Unknown
Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268) Unnecessary
Cube World version 0.0.1 (x32 Version: 0.0.1) Necessary
D3DX10 (x32 Version: 15.4.2368.0902) Unknown
Diablo (x32) Necessary
Diablo II (x32) Necessary
Diablo The Awakening v6.4 (x32) Necessary
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Unknown
Edna Bricht Aus 6.3 (x32) Necessary
ESET Online Scanner v3 (x32) Necessary
Facebook (x32 Version: 1.1.0004) Unknown
Farm Frenzy (x32 Version: 2.2.0.98) Unknown
Farmscapes (x32 Version: 2.2.0.97) Unknown
FATE (x32 Version: 2.2.0.97) Unknown
Final Drive Fury (x32 Version: 2.2.0.95) Unknown
Fishdom (TM) 2 (x32 Version: 2.2.0.98) Unknown
Half-Life (x32) Necessary
Half-Life 2 (x32) Necessary
Half-Life 2: Deathmatch (x32) Necessary
Half-Life 2: Episode One (x32) Necessary
Half-Life 2: Episode Two (x32) Necessary
Half-Life 2: Lost Coast (x32) Necessary
Half-Life Deathmatch: Source (x32) Necessary
Half-Life: Blue Shift (x32) Necessary
Half-Life: Opposing Force (x32) Necessary
Half-Life: Source (x32) Necessary
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) Unknown
HP Auto (Version: 1.0.12935.3667) Unknown
HP Calendar (x32 Version: 5.1.4245.23508) Unknown
HP Clock (x32 Version: 5.1.4281.27332) Unknown
HP Customer Experience Enhancements (x32 Version: 6.0.1.8) Unknown
HP Games (x32 Version: 1.0.2.5) Unknown
HP LinkUp (x32 Version: 2.01.029) Unknown
HP Magic Canvas (x32 Version: 5.1.15.0) Unknown
HP Magic Canvas Tutorials (x32 Version: 6.0.0.0) Unknown
HP Notes (x32 Version: 5.1.4274.30382) Unknown
HP Odometer (x32 Version: 2.10.0000) Unknown
HP Remote Solution (x32 Version: 1.1.16.0) Unknown
HP RSS (x32 Version: 5.1.4289.23799) Unknown
HP Setup (x32 Version: 9.1.15430.4033) Unknown
HP Support Assistant (x32 Version: 7.0.39.15) Unknown
HP Support Information (x32 Version: 11.00.0001) Unknown
HP TouchSmart Background - Beats (x32 Version: 1.0.1.0) Unknown
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730) Unknown
HP Update (x32 Version: 5.003.001.001) Unknown
Insaniquarium Deluxe (x32 Version: 2.2.0.97) Unknown
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351) Unknown
Java 7 Update 25 (64-bit) (Version: 7.0.250) Unknown
Java 7 Update 25 (x32 Version: 7.0.250) Unknown
Java Auto Updater (x32 Version: 2.1.9.5) Unknown
Jewel Match 3 (x32 Version: 2.2.0.98) Unknown
Jewel Quest II (x32 Version: 2.2.0.97) Unknown
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98) Unknown
Junk Mail filter update (x32 Version: 15.4.3502.0922) Unknown
LabelPrint (x32 Version: 2.5.4507) Unknown
LogMeIn Hamachi (x32 Version: 2.1.0.374) Necessary
Magic Desktop (x32 Version: 3.0) Unknown
Mahjongg Artifacts (x32 Version: 2.2.0.95) Unknown
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Necessary
Media Go (x32 Version: 2.5.290) Unknown
Media Go Video Playback Engine 1.120.103.05010 (x32 Version: 1.120.103.05010) Unknown
Mesh Runtime (x32 Version: 15.4.5722.2) Unknown
Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Unknown
Microsoft Age of Empires II (x32) Necessary
Microsoft Age of Empires II: The Conquerors Expansion (x32) Necessary
Microsoft Application Error Reporting (Version: 12.0.6015.5000) Unknown
Microsoft Mathematics (x32 Version: 4.0) Unknown
Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Unknown
Microsoft Security Client (Version: 4.3.0215.0) Unknown
Microsoft Security Essentials (Version: 4.3.215.0) Necessary
Microsoft Silverlight (Version: 5.1.20513.0) Unknown
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Unknown
Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0) Necessary
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Unknown
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Unknown
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version:9.0.30729.4148) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Unknown
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Unknown
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1) Unknown
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Unknown
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Unknown
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106) Unknown
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106) Unknown
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Necessary
Mozilla Maintenance Service (x32 Version: 22.0) Unknown
MSVCRT (x32 Version: 15.4.2862.0708) Unknown
MSVCRT_amd64 (x32 Version: 15.4.2862.0708) Unknown
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Unknown
Norton Internet Security (x32 Version: 19.9.1.14) Unknown
Norton Online Backup (x32 Version: 2.1.17869) Unknown
NVIDIA Control Panel 296.28 (Version: 296.28) Unknown
NVIDIA Graphics Driver 296.28 (Version: 296.28) Unknown
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) Unknown
NVIDIA Install Application (Version: 2.1002.109.718) Unknown
NVIDIA PhysX (x32 Version: 9.12.0213) Unknown
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213) Unknown
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Necessary
opensource (x32 Version: 1.0.14960.3876) Unknown
Outcast (x32) Necessary
Outcast Patch (x32) Necessary
PDF Complete Corporate Edition (x32 Version: 4.0.95) Unknown
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) Unknown
PlayReady PC Runtime amd64 (Version: 1.3.0) Unknown
PlayStation(R)Store (x32 Version: 4.14.6.15183) Unknown
Polar Bowler (x32 Version: 2.2.0.97) Unknown
Portal 2 (x32) Necessary
Power2Go (x32 Version: 6.1.6207) Unknown
Ralink 802.11n Wireless LAN Card (x32 Version: 3.2.12.0) Unknown
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98) Unknown
Recovery Manager (x32 Version: 5.5.0.5119) Unknown
Remote Graphics Receiver (x32 Version: 5.4.5) Unknown
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319) Unknown
Sony PC Companion 2.10.165 (x32 Version: 2.10.165) Unknown
StarCraft (x32) Necessary
StarCraft II (x32 Version: 2.0.9.26147) Necessary
Steam (x32 Version: 1.0.0.0) Necessary
Team Fortress 2 (x32) Unknown Necessary
Team Fortress Classic (x32) Necessary
The Elder Scrolls V: Skyrim (x32) Necessary
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.18.0) Unknown
TI USB3 Host Driver (x32 Version: 1.12.18.0) Unknown
Torchlight (x32 Version: 2.2.0.98) Unknown
TSHostedAppLauncher (x32 Version: 5.1.15.0) Unknown
TuxGuitar (x32 Version: 1.2) Necessary
Ubisoft Game Launcher (x32 Version: 1.0.0.0) Necessary
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Unknown
Update Installer for WildTangent Games App (x32) Unknown
Virtual Families (x32 Version: 2.2.0.98) Unknown
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) Unknown
VirtualCloneDrive (x32) Necessary
Wedding Dash (x32 Version: 2.2.0.95) Unknown
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5) Unknown
Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Unknown
Windows Live Essentials (x32 Version: 15.4.3502.0922) Unknown
Windows Live Essentials (x32 Version: 15.4.3538.0513) Unknown
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Unknown
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Unknown
Windows Live Installer (x32 Version: 15.4.3502.0922) Unknown
Windows Live Language Selector (Version: 15.4.3538.0513) Unknown
Windows Live Mail (x32 Version: 15.4.3502.0922) Unknown
Windows Live Mesh (x32 Version: 15.4.3502.0922) Unknown
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Unknown
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Unknown
Windows Live Messenger (x32 Version: 15.4.3538.0513) Unknown
Windows Live MIME IFilter (Version: 15.4.3502.0922) Unknown
Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Unknown
Windows Live Photo Common (x32 Version: 15.4.3502.0922) Unknown
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Unknown
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Unknown
Windows Live Remote Client (Version: 15.4.5722.2) Unknown
Windows Live Remote Client Resources (Version: 15.4.5722.2) Unknown
Windows Live Remote Service (Version: 15.4.5722.2) Unknown
Windows Live Remote Service Resources (Version: 15.4.5722.2) Unknown
Windows Live SOXE (x32 Version: 15.4.3502.0922) Unknown
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Unknown
Windows Live UX Platform (x32 Version: 15.4.3502.0922) Unknown
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Unknown
Windows Live Writer (x32 Version: 15.4.3502.0922) Unknown
Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Unknown
WinZip 16.0 (Version: 16.0.9715) Unknown
Zuma's Revenge (x32 Version: 2.2.0.98) Unknown
FRST Logfile:
(Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 14:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 14:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 14:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 14:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 14:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 13:00 - 2013-07-10 13:00 - 00000218 _____ C:\Users\Ale x\Desktop\Team Fortress Classic.url 2013-07-10 12:47 - 2013-07-10 12:47 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Deathmatch Source.url 2013-07-10 12:43 - 2013-07-10 12:43 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Blue Shift.url 2013-07-10 11:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 11:07 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 11:07 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 11:07 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 11:07 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 11:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 11:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 10:57 - 2013-07-10 10:57 - 00000218 _____ C:\Users\Ale x\Desktop\Half-Life Opposing Force.url 2013-07-09 23:32 - 2013-07-09 23:32 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Source.url 2013-07-09 22:04 - 2013-07-28 05:03 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Steam 2013-07-07 06:09 - 2013-07-07 06:09 - 00108649 _____ C:\Users\Ale x\Desktop\alexmap.scm 2013-07-06 23:10 - 2013-07-15 21:43 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\.minecraft1.5.2 2013-07-06 08:07 - 2013-07-06 08:07 - 00484992 _____ C:\Users\Michi\Downloads\Minecraft.exe ==================== One Month Modified Files and Folders ======= 2013-08-05 17:10 - 2013-08-05 17:10 - 00000000 ____D C:\FRST 2013-08-05 17:10 - 2012-08-23 16:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-05 17:09 - 2013-08-05 17:09 - 01788733 _____ (Farbar) C:\Users\Ale x\Desktop\FRST64.exe 2013-08-05 17:09 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-05 17:09 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-05 17:08 - 2012-10-17 19:37 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC39038B-C2C4-4507-B2B5-60F31416CF4C} 2013-08-05 17:05 - 2012-10-09 19:19 - 01279249 _____ C:\Windows\WindowsUpdate.log 2013-08-05 17:00 - 2012-11-03 22:20 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2013-08-05 17:00 - 2012-08-23 16:47 - 00000000 ____D C:\ProgramData\PDFC 2013-08-05 16:59 - 2013-04-14 18:17 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\LogMeIn Hamachi 2013-08-05 16:59 - 2012-12-01 13:28 - 00000000 ____D C:\Program Files (x86)\Steam 2013-08-05 16:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-05 16:59 - 2009-07-14 06:51 - 00098812 _____ C:\Windows\setupact.log 2013-08-05 13:21 - 2013-03-21 22:22 - 00000000 ____D C:\Users\Ale x\9GAG 2013-08-04 21:30 - 2012-10-09 19:28 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DCE04F5E-C4DE-4E9C-BB15-571709D607DD} 2013-08-04 21:21 - 2013-04-19 21:18 - 00000000 ____D C:\Users\Michi\AppData\Local\LogMeIn Hamachi 2013-08-03 16:40 - 
2012-12-29 20:48 - 00000000 ____D C:\Users\Michi\Desktop\WIN-XP 2013-08-02 16:16 - 2013-08-02 15:30 - 00000000 ____D C:\Program Files (x86)\Cube World 2013-08-02 15:59 - 2013-04-06 07:44 - 00000000 ___RD C:\Users\Ale x\Desktop\Spiele 2013-08-02 15:30 - 2013-08-02 15:30 - 00000000 ____D C:\ProgramData\Picroma 2013-08-02 01:18 - 2013-08-02 00:29 - 00000000 ____D C:\Users\Ale x\Desktop\anno 2013-08-01 23:42 - 2013-03-08 22:07 - 00000000 ____D C:\Program Files (x86)\StarCraft 2013-07-31 23:37 - 2013-07-01 23:01 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\.minecraft 2013-07-31 21:40 - 2012-12-30 22:35 - 00000000 ____D C:\Program Files (x86)\Project64 1.6 2013-07-31 20:47 - 2013-07-31 20:46 - 03216358 _____ C:\Users\Ale x\Desktop\CubeDemo.zip 2013-07-31 19:54 - 2013-02-11 14:57 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\CrashDumps 2013-07-31 19:37 - 2013-02-27 14:22 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAle x.job 2013-07-31 11:24 - 2013-02-27 14:22 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAle x 2013-07-31 11:24 - 2012-10-10 17:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-31 11:23 - 2012-12-05 19:03 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-07-31 11:22 - 2013-02-20 15:59 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\HpUpdate 2013-07-31 11:22 - 2013-02-20 15:59 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\HP Support Assistant 2013-07-30 18:10 - 2013-07-30 18:10 - 00000000 ____D C:\Users\Ale x\Desktop\Neue Welt---- 2013-07-30 01:05 - 2013-07-30 01:05 - 00000000 ____D C:\Users\Ale x\DOSBoxPortable 2013-07-30 01:05 - 2012-10-17 19:37 - 00000000 ____D C:\Users\Ale x 2013-07-30 01:04 - 2012-08-23 16:16 - 00698322 _____ C:\Windows\system32\perfh007.dat 2013-07-30 01:04 - 2012-08-23 16:16 - 00148658 _____ C:\Windows\system32\perfc007.dat 2013-07-30 01:04 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-30 00:47 - 2013-07-30 00:47 - 00000000 ____D 
C:\Users\Ale x\Neue Welt---- 2013-07-29 19:22 - 2012-10-09 19:22 - 00000000 ____D C:\Users\Michi 2013-07-29 14:03 - 2013-07-29 14:03 - 00000000 ____D C:\Users\Ale x\Desktop\Paddi 2013-07-28 05:03 - 2013-07-09 22:04 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-07-28 01:01 - 2013-07-28 01:01 - 00000000 ____D C:\Users\Ale x\Documents\PCSX2 2013-07-27 23:08 - 2010-11-21 05:47 - 00039550 _____ C:\Windows\PFRO.log 2013-07-27 21:34 - 2012-11-02 19:01 - 00000000 ____D C:\Users\Michi\AppData\Local\CrashDumps 2013-07-27 19:33 - 2013-07-27 19:08 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Sony 2013-07-27 19:30 - 2013-07-27 19:26 - 00000000 ____D C:\Users\Michi\AppData\Local\Sony 2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Podcasts 2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Documents\Media Go 2013-07-27 19:27 - 2013-07-27 18:57 - 00000000 ____D C:\Program Files (x86)\Sony 2013-07-27 19:26 - 2013-07-27 19:26 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-07-27 19:25 - 2013-07-27 19:25 - 00000000 ____D C:\Users\Michi\AppData\Local\Downloaded Installations 2013-07-27 19:25 - 2013-07-27 19:08 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install 2013-07-27 19:06 - 2013-07-27 18:58 - 00181280 _____ C:\Windows\DPINST.LOG 2013-07-27 18:57 - 2013-07-27 18:57 - 00000000 ____D C:\ProgramData\Sony 2013-07-27 18:57 - 2012-08-23 16:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-27 18:53 - 2013-07-27 18:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-07-25 20:09 - 2013-07-25 20:09 - 00199825 _____ C:\Users\Ale x\Desktop\ModLoader-1.5.2.zip 2013-07-25 19:41 - 2013-07-25 19:40 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (3) 2013-07-25 19:11 - 2013-07-25 19:10 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (2) 2013-07-25 18:52 - 2013-07-25 18:51 - 03424189 _____ C:\Users\Ale 
x\Desktop\Better-Than-Wolves-Mod-1.5.2.zip 2013-07-24 17:55 - 2013-07-24 17:55 - 00000000 ____D C:\Users\Ale x\Desktop\Starcraft theme 2013-07-24 13:54 - 2012-08-23 16:35 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2013-07-23 20:23 - 2013-04-20 15:22 - 00000000 ____D C:\Users\Ale x\Server 2013-07-23 18:37 - 2013-05-04 00:31 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Minecraft Version Changer 2013-07-21 00:11 - 2013-07-21 00:08 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-20 17:10 - 2013-07-13 01:19 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\Adobe 2013-07-20 17:10 - 2012-08-23 16:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-20 17:10 - 2012-08-23 16:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-20 17:10 - 2012-08-23 16:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-20 08:55 - 2012-10-24 11:34 - 00000000 ___RD C:\Users\Ale x\Spiele 2013-07-19 14:36 - 2013-07-19 14:36 - 00263186 _____ C:\Users\Ale x\Minecraft.exe 2013-07-19 12:58 - 2013-07-19 12:58 - 00093628 _____ C:\Users\Ale x\Desktop\RedPower-2-Compat-1.4.7.zip 2013-07-18 13:30 - 2013-07-18 13:30 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\{72952C65-651A-4DFE-A1CA-1A41EA021521} 2013-07-18 13:30 - 2013-07-18 13:30 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\{6A8355E1-7B97-4D7E-9875-BD683B016D26} 2013-07-18 12:01 - 2013-04-09 18:02 - 00000000 ____D C:\Users\Ale x\Icons 2013-07-16 14:12 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-15 21:43 - 2013-07-06 23:10 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\.minecraft1.5.2 2013-07-14 22:33 - 2013-07-14 22:33 - 00000837 _____ C:\Users\Ale x\Desktop\Minecraft.exe - Verknüpfung (2).lnk 2013-07-14 22:02 - 2012-08-23 16:47 - 00100807 _____ C:\Windows\DirectX.log 2013-07-14 22:00 - 2013-07-14 21:59 - 00000000 ____D C:\ProgramData\Package Cache 2013-07-14 20:32 - 2013-07-14 20:32 - 
00000222 _____ C:\Users\Michi\Desktop\Age of Empires II HD Edition.url 2013-07-14 08:05 - 2013-07-14 08:05 - 01067456 _____ (Solid State Networks) C:\Users\Michi\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe 2013-07-13 01:26 - 2012-10-28 03:37 - 00001912 _____ C:\Windows\epplauncher.mif 2013-07-13 01:26 - 2012-10-28 03:36 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-07-13 01:26 - 2012-10-28 03:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-07-13 01:19 - 2012-10-29 14:03 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Adobe 2013-07-13 01:10 - 2013-07-13 01:08 - 00000000 ____D C:\Windows\system32\MRT 2013-07-12 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-10 15:53 - 2013-01-18 20:53 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-10 14:40 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 14:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 14:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 14:40 - 2009-07-14 06:45 - 00306976 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-10 14:39 - 2013-03-14 20:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 14:39 - 2013-03-14 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 13:00 - 2013-07-10 13:00 - 00000218 _____ C:\Users\Ale x\Desktop\Team Fortress Classic.url 2013-07-10 12:47 - 2013-07-10 12:47 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Deathmatch Source.url 2013-07-10 12:43 - 2013-07-10 12:43 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Blue Shift.url 2013-07-10 10:57 - 2013-07-10 10:57 - 00000218 _____ C:\Users\Ale x\Desktop\Half-Life Opposing Force.url 2013-07-09 23:32 - 2013-07-09 23:32 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Source.url 2013-07-08 20:57 - 2013-05-03 20:15 - 00000000 ____D C:\Users\Ale x\doom 1 
2013-07-07 17:16 - 2012-10-28 03:12 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichi
2013-07-07 17:16 - 2012-10-28 03:12 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMichi.job
2013-07-07 06:09 - 2013-07-07 06:09 - 00108649 _____ C:\Users\Ale x\Desktop\alexmap.scm
2013-07-07 05:37 - 2013-02-13 22:29 - 00000000 ____D C:\Users\Ale x\Desktop\Repair
2013-07-07 04:31 - 2013-04-05 20:48 - 00000000 ____D C:\Users\Ale x\Desktop\Musik
2013-07-06 21:08 - 2013-01-12 19:18 - 00000000 ____D C:\Users\Michi\AppData\Roaming\.minecraft
2013-07-06 08:07 - 2013-07-06 08:07 - 00484992 _____ C:\Users\Michi\Downloads\Minecraft.exe

Files to move or delete:
====================
C:\Users\Ale x\Minecraft.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 19:16

==================== End Of Log ============================

--- --- ---

addition
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2013 Ran by Ale x at 2013-08-05 17:13:06 Running from C:\Users\Ale x\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Age of Empires II: HD Edition (x32) ANNO 1503 GOLD (x32 Version: 1.05.00) Anno 1701 - Der Fluch des Drachen (x32 Version: 2.03) Anno 1701 (x32 Version: 1.04) ANNO 2070 (x32 Version: 1.0.0.0) Back to the Future The Game (HKCU Version: 2.0.0.0) Battle.net (x32) Bejeweled 3 (x32 Version: 2.2.0.98) Cake Mania (x32 Version: 2.2.0.98) Chuzzle Deluxe (x32 Version: 2.2.0.95) Command & Conquer 3 (x32 Version: 1.00.0000) Cradle of Rome 2 (x32 Version: 2.2.0.98) Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268) Cube World version 0.0.1 (x32 Version: 0.0.1) D3DX10 (x32 Version: 15.4.2368.0902) Diablo (x32) Diablo II (x32) Diablo The Awakening v6.4 (x32) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Edna Bricht Aus 6.3 (x32) ESET Online Scanner v3 (x32) Facebook (x32 Version: 1.1.0004) Farm Frenzy (x32 Version: 2.2.0.98) Farmscapes (x32 Version: 2.2.0.97) FATE (x32 Version: 2.2.0.97) Final Drive Fury (x32 Version: 2.2.0.95) Fishdom (TM) 2 (x32 Version: 2.2.0.98) Half-Life (x32) Half-Life 2 (x32) Half-Life 2: Deathmatch (x32) Half-Life 2: Episode One (x32) Half-Life 2: Episode Two (x32) Half-Life 2: Lost Coast (x32) Half-Life Deathmatch: Source (x32) Half-Life: Blue Shift (x32) Half-Life: Opposing Force (x32) Half-Life: Source (x32) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP Auto (Version: 1.0.12935.3667) HP Calendar (x32 Version: 5.1.4245.23508) HP Clock (x32 Version: 5.1.4281.27332) HP Customer Experience 
Enhancements (x32 Version: 6.0.1.8) HP Games (x32 Version: 1.0.2.5) HP LinkUp (x32 Version: 2.01.029) HP Magic Canvas (x32 Version: 5.1.15.0) HP Magic Canvas Tutorials (x32 Version: 6.0.0.0) HP Notes (x32 Version: 5.1.4274.30382) HP Odometer (x32 Version: 2.10.0000) HP Remote Solution (x32 Version: 1.1.16.0) HP RSS (x32 Version: 5.1.4289.23799) HP Setup (x32 Version: 9.1.15430.4033) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 11.00.0001) HP TouchSmart Background - Beats (x32 Version: 1.0.1.0) HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730) HP Update (x32 Version: 5.003.001.001) Insaniquarium Deluxe (x32 Version: 2.2.0.97) Intel(R) Management Engine Components (x32 Version: 8.0.0.1351) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Jewel Match 3 (x32 Version: 2.2.0.98) Jewel Quest II (x32 Version: 2.2.0.97) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98) Junk Mail filter update (x32 Version: 15.4.3502.0922) LabelPrint (x32 Version: 2.5.4507) LogMeIn Hamachi (x32 Version: 2.1.0.374) Magic Desktop (x32 Version: 3.0) Mahjongg Artifacts (x32 Version: 2.2.0.95) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Media Go (x32 Version: 2.5.290) Media Go Video Playback Engine 1.120.103.05010 (x32 Version: 1.120.103.05010) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Age of Empires II (x32) Microsoft Age of Empires II: The Conquerors Expansion (x32) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mathematics (x32 Version: 4.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0) 
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Norton Internet Security (x32 Version: 19.9.1.14) Norton Online Backup (x32 Version: 2.1.17869) NVIDIA Control Panel 296.28 (Version: 296.28) NVIDIA Graphics Driver 296.28 (Version: 296.28) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (x32 Version: 9.12.0213) NVIDIA PhysX 
System Software 9.12.0213 (Version: 9.12.0213) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) opensource (x32 Version: 1.0.14960.3876) Outcast (x32) Outcast Patch (x32) PDF Complete Corporate Edition (x32 Version: 4.0.95) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) PlayReady PC Runtime amd64 (Version: 1.3.0) PlayStation(R)Store (x32 Version: 4.14.6.15183) Polar Bowler (x32 Version: 2.2.0.97) Portal 2 (x32) Power2Go (x32 Version: 6.1.6207) Ralink 802.11n Wireless LAN Card (x32 Version: 3.2.12.0) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98) Recovery Manager (x32 Version: 5.5.0.5119) Remote Graphics Receiver (x32 Version: 5.4.5) rosoft .NET Framework 4 Client Profile (Version: 4.0.30319) Sony PC Companion 2.10.165 (x32 Version: 2.10.165) StarCraft (x32) StarCraft II (x32 Version: 2.0.9.26147) Steam (x32 Version: 1.0.0.0) Team Fortress 2 (x32) Team Fortress Classic (x32) The Elder Scrolls V: Skyrim (x32) TI USB 3.0 Host Controller Driver (x32 Version: 1.12.18.0) TI USB3 Host Driver (x32 Version: 1.12.18.0) Torchlight (x32 Version: 2.2.0.98) TSHostedAppLauncher (x32 Version: 5.1.15.0) TuxGuitar (x32 Version: 1.2) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update Installer for WildTangent Games App (x32) Virtual Families (x32 Version: 2.2.0.98) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) 
VirtualCloneDrive (x32) Wedding Dash (x32 Version: 2.2.0.95) WildTangent Games App (HP Games) (x32 Version: 4.0.10.5) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinZip 16.0 (Version: 16.0.9715) Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= 20-07-2013 07:04:32 Windows Update 23-07-2013 12:05:56 Windows Update 26-07-2013 18:30:22 Windows Update 27-07-2013 16:57:42 Sony PC Companion 27-07-2013 17:05:42 Sony PC Companion 30-07-2013 
13:49:34 Windows Update 02-08-2013 19:35:45 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00C29653-0376-44B1-AA5C-1E5A7F406562} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-16] (Hewlett-Packard) Task: {14337878-1A74-42A1-A0DE-F658623AFCD2} - System32\Tasks\User_Feed_Synchronization-{1A8ABA5F-DB43-4453-9610-EE60A5106D77} => C:\Windows\system32\msfeedssync.exe [2013-03-22] (Microsoft Corporation) Task: {234090B7-BE6D-4AA2-9D28-6E29947CA913} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {33ADFA59-728B-4F4D-8C4B-83DF50F02290} - System32\Tasks\User_Feed_Synchronization-{5E38165C-083A-40B7-98E9-FD0E1ECAF254} => C:\Windows\system32\msfeedssync.exe [2013-03-22] (Microsoft Corporation) Task: {3E3E514B-935D-46A6-9FC3-0E8081EED74E} - System32\Tasks\User_Feed_Synchronization-{CC39038B-C2C4-4507-B2B5-60F31416CF4C} => C:\Windows\system32\msfeedssync.exe [2013-03-22] (Microsoft Corporation) Task: {4142532B-ADFB-401A-9622-4DBF811CBD0E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {4A63DD63-8F36-43BC-ABFC-E3FEC1E1A42E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {52E5915F-92E1-47AC-97B0-1EC56B78F2E8} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink) Task: 
{5DD1877B-F953-490C-AA5B-D9162556F292} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {67C50EA0-D683-489F-B1E3-28F3D0543F34} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {6ABB3D6A-0F61-43F1-ACBE-5CDF71AB08F6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {6DE0F598-3372-4F6C-9633-31D49D4B8B0C} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {6F36B0B6-8C6D-4E60-A315-F09C2BFCE534} - System32\Tasks\HPCeeScheduleForAle x => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {6F5F9CF7-0DDC-44E0-A71B-E7B635CC9D62} - System32\Tasks\HPCeeScheduleForMichi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {9484194D-E1BD-4976-8BA3-E235DAB219E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company) Task: {952B725D-CE1B-44E9-9278-91EDD209741F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {9CD8F43F-565B-459B-AA68-E0023C092959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-16] (Hewlett-Packard) Task: {B32BF7E4-0714-4354-8EDD-4FE17CF2D892} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated) Task: {BF19C178-25C1-46E3-A7BB-4B264FFB3523} - 
System32\Tasks\User_Feed_Synchronization-{DCE04F5E-C4DE-4E9C-BB15-571709D607DD} => C:\Windows\system32\msfeedssync.exe [2013-03-22] (Microsoft Corporation) Task: {DF4569D7-9B93-46ED-BCBF-D2D62C576452} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {EC0E2CF0-BFE9-4247-B82C-7E50224B4962} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForAle x.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForMichi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2013 07:54:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: GameOverlayUI.exe, Version: 1.32.20.50, Zeitstempel: 0x4f46a9bf Name des fehlerhaften Moduls: gameoverlayui.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x51f2e863 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6bd26290 ID des fehlerhaften Prozesses: 0x918 Startzeit der fehlerhaften Anwendung: 0xGameOverlayUI.exe0 Pfad der fehlerhaften Anwendung: GameOverlayUI.exe1 Pfad des fehlerhaften Moduls: GameOverlayUI.exe2 Berichtskennung: GameOverlayUI.exe3 Error: (07/27/2013 09:34:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 
0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x1438 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (07/27/2013 07:33:01 PM) (Source: Application Hang) (User: ) Description: Programm MediaGo.exe, Version 2.5.0.290 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a54 Startzeit: 01ce8aeee862e84e Endzeit: 40 Anwendungspfad: C:\Program Files (x86)\Sony\Media Go\MediaGo.exe Berichts-ID: 89ff0afb-f6e2-11e2-8879-24be0506dd56 Error: (07/25/2013 08:48:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (07/24/2013 07:16:59 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/23/2013 08:31:25 PM) (Source: Application Hang) (User: ) Description: Programm javaw.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit: 01ce87d11af2da72 Endzeit: 67 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe Berichts-ID: 10a07b71-f3c6-11e2-8972-24be0506dd56 Error: (07/22/2013 07:28:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/20/2013 01:19:30 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 01:21:06 PM) (Source: Application Hang) (User: ) Description: Programm java.exe, Version 7.0.250.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 154 Startzeit: 01ce8471e60d2aa3 Endzeit: 0 Anwendungspfad: C:\Windows\System32\java.exe Berichts-ID: Error: (07/14/2013 05:00:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ezSharedSvcHost.exe, Version: 5.0.0.101, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x4b4 Startzeit der fehlerhaften Anwendung: 0xezSharedSvcHost.exe0 Pfad der fehlerhaften Anwendung: ezSharedSvcHost.exe1 Pfad des fehlerhaften Moduls: ezSharedSvcHost.exe2 Berichtskennung: ezSharedSvcHost.exe3 System errors: ============= Error: (08/05/2013 05:02:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "CalendarSynchService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/05/2013 05:02:37 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CalendarSynchService erreicht. Error: (08/05/2013 05:00:06 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ralink UPnP Media Server erreicht. Error: (08/05/2013 02:48:32 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/05/2013 02:48:17 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/05/2013 02:48:17 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/05/2013 02:20:01 PM) (Source: ipnathlp) (User: ) Description: 0 Error: (08/05/2013 01:20:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ralink UPnP Media Server erreicht. 
Error: (08/04/2013 11:48:50 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ralink UPnP Media Server erreicht. Error: (08/04/2013 11:41:23 PM) (Source: ipnathlp) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (07/31/2013 07:54:17 PM) (Source: Application Error)(User: ) Description: GameOverlayUI.exe1.32.20.504f46a9bfgameoverlayui.dll_unloaded0.0.0.051f2e863c00000056bd2629091801ce8e16f2acd5dbC:\Program Files (x86)\Steam\GameOverlayUI.exegameoverlayui.dll37961074-fa0a-11e2-af1e-24be0506dd56 Error: (07/27/2013 09:34:43 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f2143801ce8ae4b9df3000C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll95fa2f23-f6f3-11e2-8879-24be0506dd56 Error: (07/27/2013 07:33:01 PM) (Source: Application Hang)(User: ) Description: MediaGo.exe2.5.0.2901a5401ce8aeee862e84e40C:\Program Files (x86)\Sony\Media Go\MediaGo.exe89ff0afb-f6e2-11e2-8879-24be0506dd56 Error: (07/25/2013 08:48:57 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (07/24/2013 07:16:59 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (07/23/2013 08:31:25 PM) (Source: Application Hang)(User: ) Description: 
javaw.exe7.0.250.16ea001ce87d11af2da7267C:\Program Files\Java\jre7\bin\javaw.exe10a07b71-f3c6-11e2-8972-24be0506dd56 Error: (07/22/2013 07:28:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (07/20/2013 01:19:30 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (07/19/2013 01:21:06 PM) (Source: Application Hang)(User: ) Description: java.exe7.0.250.1615401ce8471e60d2aa30C:\Windows\System32\java.exe Error: (07/14/2013 05:00:46 PM) (Source: Application Error)(User: ) Description: ezSharedSvcHost.exe5.0.0.1012a425e19unknown0.0.0.000000000c0000005000000004b401ce8073c50cfe78C:\Windows\SysWOW64\ezSharedSvcHost.exeunknown29069cd9-ec96-11e2-8731-24be0506dd56 CodeIntegrity Errors: =================================== Date: 2013-05-16 12:58:11.471 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-16 12:58:11.445 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-16 12:58:11.147 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-16 12:58:11.121 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-16 12:49:34.292 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-16 12:49:34.261 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-16 12:49:30.579 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-16 12:49:30.532 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-15 21:50:55.548 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-15 21:50:55.523 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8148.01 MB Available physical RAM: 6128.8 MB Total Pagefile: 16294.21 MB Available Pagefile: 14042.35 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:914.36 GB) (Free:692.13 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.93 GB) (Free:2.11 GB) NTFS (Disk=0 Partition=4) Drive h: (Label Iso) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 2FA22668) Partition: GPT Partition Type ==================== End Of Log ============================
Do you have a text file somewhere in which you keep all the instructions, so that you only have to copy them? Edited by Bugie (05.08.2013 at 17:16) |
05.08.2013, 17:26 | #4 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected Hi,
1. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because that is the only way to keep control over what happens on the PC.
JavaScript: untick "use JavaScript".
Updater: choose "install automatically".
Apply / OK.
Uninstall: Bejeweled Cake Chuzzle Cradle Craften Farm Farmscapes Final Drive Fishdom Insaniquarium Jewel : all Magic Mahjongg Mystery Norton : do you use this anti-malware scanner? If yes, go to the homepage and upgrade. If no, uninstall it. PDF Complete Plants vs Polar Virtual Villagers Wedding WildTangent Windows Live : all those you do not need. Zuma's
2. Scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.08.2013, 17:40 | #5 |
| C:\Windows\Installer\3ef28e.msi infected How should I uninstall that? |
05.08.2013, 18:15 | #6 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected Control Panel, Software. |
05.08.2013, 18:25 | #7 |
| C:\Windows\Installer\3ef28e.msi infected No, the games are not in there |
05.08.2013, 18:33 | #8 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected Via Revo: Revo Uninstaller - Download - Filepony |
05.08.2013, 21:19 | #9 |
| C:\Windows\Installer\3ef28e.msi infected OK, the programs are deleted and here is the log. The Minecraft.exe is not a cracked version. Code:
ATTFilter ComboFix 13-08-05.03 - Ale x 05.08.2013 22:07:34.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8148.6070 [GMT 2:00] ausgeführt von:: c:\users\Ale x\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\users\Ale x\Minecraft.exe c:\users\Public\sdelevURL.tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-05 bis 2013-08-05 )))))))))))))))))))))))))))))) . . 2013-08-05 20:13 . 2013-08-05 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-05 20:13 . 2013-08-05 20:13 -------- d-----w- c:\users\Michi\AppData\Local\temp 2013-08-05 19:36 . 2013-08-05 19:36 -------- d-----w- c:\programdata\PDFC 2013-08-05 19:27 . 2013-08-05 19:27 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-08-05 15:10 . 2013-08-05 15:10 -------- d-----w- C:\FRST 2013-08-04 21:59 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE8CBDAB-8946-4649-9BA4-A8F0B226FC29}\mpengine.dll 2013-08-03 20:14 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-02 13:30 . 2013-08-02 14:16 -------- d-----w- c:\program files (x86)\Cube World 2013-08-02 13:30 . 2013-08-02 13:30 -------- d-----w- c:\programdata\Picroma 2013-07-29 23:05 . 2013-07-29 23:05 -------- d-----w- c:\users\Ale x\DOSBoxPortable 2013-07-29 22:47 . 2013-07-29 22:47 -------- d-----w- c:\users\Ale x\Neue Welt---- 2013-07-27 17:29 . 2013-07-27 17:29 -------- d-----w- c:\users\Michi\Podcasts 2013-07-27 17:26 . 
2013-07-27 17:30 -------- d-----w- c:\users\Michi\AppData\Local\Sony 2013-07-27 17:26 . 2013-07-27 17:27 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared 2013-07-27 17:26 . 2013-07-27 17:26 -------- d-----w- c:\programdata\Sony Corporation 2013-07-27 17:25 . 2013-07-27 17:25 -------- d-----w- c:\users\Michi\AppData\Local\Downloaded Installations 2013-07-27 17:08 . 2013-07-27 17:33 -------- d-----w- c:\users\Michi\AppData\Roaming\Sony 2013-07-27 17:08 . 2013-07-27 17:25 -------- d-----w- c:\program files (x86)\Sony Media Go Install 2013-07-27 16:57 . 2013-07-27 17:27 -------- d-----w- c:\program files (x86)\Sony 2013-07-27 16:57 . 2013-07-27 16:57 -------- d-----w- c:\programdata\Sony 2013-07-20 22:08 . 2013-07-20 22:11 -------- d-----w- c:\programdata\SecTaskMan 2013-07-17 13:53 . 2013-07-17 13:53 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11BF325F-5C3A-4830-BCF4-972B0E16E67C}\gapaengine.dll 2013-07-14 19:59 . 2013-07-14 20:00 -------- d-----w- c:\programdata\Package Cache 2013-07-12 23:19 . 2013-07-20 15:10 -------- d-----w- c:\users\Ale x\AppData\Local\Adobe 2013-07-12 23:08 . 2013-07-12 23:10 -------- d-----w- c:\windows\system32\MRT 2013-07-10 09:07 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-06 21:10 . 2013-07-15 19:43 -------- d-----w- c:\users\Ale x\AppData\Roaming\.minecraft1.5.2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-05 15:44 . 2013-01-18 19:12 164880 ---ha-w- c:\users\Ale x\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2013-08-02 19:23 . 2012-12-30 19:08 164880 ---ha-w- c:\users\Michi\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll 2013-07-20 15:10 . 2012-08-23 14:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-20 15:10 . 2012-08-23 14:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-24 18:06 . 
2013-06-24 18:06 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-06-24 18:06 . 2013-06-24 18:06 312232 ----a-w- c:\windows\system32\javaws.exe 2013-06-24 18:06 . 2013-06-24 18:06 189352 ----a-w- c:\windows\system32\javaw.exe 2013-06-24 18:06 . 2013-06-24 18:06 188840 ----a-w- c:\windows\system32\java.exe 2013-06-24 18:05 . 2012-10-09 18:31 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-24 18:05 . 2012-10-09 18:31 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-24 17:59 . 2013-06-24 17:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-24 17:59 . 2012-10-09 18:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-24 17:59 . 2012-10-09 18:41 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-23 22:57 . 2012-12-21 15:35 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-21 10:49 . 2012-11-28 15:15 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-18 19:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-05-16 11:10 . 2012-11-02 17:00 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys 2013-05-16 11:10 . 2012-11-02 17:00 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2013-05-13 05:51 . 2013-06-12 14:06 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 14:06 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 14:06 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 14:06 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 14:06 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 14:06 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 14:06 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 
2013-06-12 14:06 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 14:06 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 14:06 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 14:06 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 14:06 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-12 14:06 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2012-01-13 789504] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2012-02-21 61112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet 
Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hcwD3bda_dvbt;Hauppauge MSi2500 DVBT Service;c:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe;c:\windows\SYSNATIVE\hauppauge\hcwD3dvb\DVBT\DVBService.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x] S3 hcwD3bda;Driver for WinTV DVB-T (Model 133xxx);c:\windows\system32\DRIVERS\hcwD3bda64.sys;c:\windows\SYSNATIVE\DRIVERS\hcwD3bda64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x] S3 tixhci;TI XHCI 
Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 15:10] . 2013-07-31 c:\windows\Tasks\HPCeeScheduleForAle x.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2013-07-07 c:\windows\Tasks\HPCeeScheduleForMichi.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-30 1425408] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240] "HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm FF - ProfilePath - c:\users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2013-06-17 22:33; {2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}; c:\users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} FF - ExtSQL: 2013-06-23 02:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGDF-hp-bals - c:\program files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe AddRemove-WildTangentGDF-hp-battlestargalacticaonline - c:\program files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe AddRemove-WildTangentGDF-hp-itgirl - c:\program files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe AddRemove-WildTangentGDF-hp-mahjonggdarkdimensions - c:\program files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe AddRemove-WildTangentGDF-hp-organizedcrime - c:\program files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe AddRemove-WildTangentGDF-hp-penguinworldsocial - c:\program files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe AddRemove-WildTangentGDF-hp-polarbowlerfacebook - c:\program files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe AddRemove-WildTangentGDF-hp-salonstreetsocial - c:\program files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe 
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe AddRemove-WildTangentGDF-hp-superherosquadonline - c:\program files (x86)\HP Games\Web Link - Marvel Super Hero Squad Online\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1 - c:\program files (x86)\Hewlett-Packard\TouchSmart\Tutorials\unins000.exe AddRemove-{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52} - c:\program files (x86)\Hewlett-Packard\TouchSmart\SmartCenter\TSUninstaller.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2266554003-3024528923-3831301696-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:df,8e,00,d6,a9,a8,e5,06,44,2b,0e,cc,6b,2d,aa,43,27,a0,ff,fb,45,a0,cf, bd,c7,6a,b9,ec,72,a8,ef,61,6b,71,7d,af,32,f4,0c,72,36,cb,0a,54,22,96,c3,71,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-05 22:14:48 ComboFix-quarantined-files.txt 2013-08-05 20:14 . Vor Suchlauf: 10 Verzeichnis(se), 763.125.727.232 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 764.948.938.752 Bytes frei . - - End Of File - - 2DE1F80DF7B57479E61CEF22F8C38E02 5FB38429D5D77768867C76DCBDB35194 |
06.08.2013, 13:49 | #10 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected Can you reinstall them if necessary? Logs need to be created; please post them together if possible. 1. Please download AdwCleaner to your desktop.
restart. 2. Please shut down your security software to avoid possible conflicts.
restart. 3. HitmanPro - Download - Filepony Please run HitmanPro and click Scan. Save the log and post it, or export it as XML, zip it and attach it.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
06.08.2013, 18:32 | #11 |
| C:\Windows\Installer\3ef28e.msi infected OK, that's done, but I first started JRT without admin rights and then started it again with them. And Hitman says JRT is a virus; is that normal? adw Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 06/08/2013 um 19:04:52 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ale x - MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ale x\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\foxydeal.sqlite
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\46pglx44.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1932 octets] - [06/08/2013 19:04:52]
########## EOF - C:\AdwCleaner[S1].txt - [1992 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ale x on 06.08.2013 at 19:10:02,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7ABD02B2-A30A-4298-979A-5718F93D506B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7ABD02B2-A30A-4298-979A-5718F93D506B}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Empty Folder] C:\Users\Ale x\appdata\local\{6A8355E1-7B97-4D7E-9875-BD683B016D26}
Successfully deleted: [Empty Folder] C:\Users\Ale x\appdata\local\{72952C65-651A-4DFE-A1CA-1A41EA021521}
~~~ FireFox
Successfully deleted the following from C:\Users\Ale x\AppData\Roaming\mozilla\firefox\profiles\fx1q1aye.default\prefs.js
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1365171130630");
Emptied folder: C:\Users\Ale x\AppData\Roaming\mozilla\firefox\profiles\fx1q1aye.default\minidumps [88 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 19:13:00,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ale x on 06.08.2013 at 19:14:21,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Ale x\AppData\Roaming\mozilla\firefox\profiles\fx1q1aye.default\minidumps [88 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 19:16:51,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter HitmanPro 3.7.7.203 www.hitmanpro.com Computer name . . . . : MICHI-PC Windows . . . . . . . : 6.1.1.7601.X64/8 User name . . . . . . : Michi-PC\Ale x UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-08-06 19:19:10 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 44s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 14 Traces . . . . . . . : 1790 Objects scanned . . . : 1.487.566 Files scanned . . . . : 44.220 Remnants scanned . . : 531.158 files / 912.188 keys Malware _____________________________________________________________________ C:\Users\Ale x\Desktop\JRT.exe Size . . . . . . . : 563.461 bytes Age . . . . . . . : 0.0 days (2013-08-06 19:02:38) Entropy . . . . . : 8.0 SHA-256 . . . . . : D40C234C9DEBC0D1EC4F06D658518BB49A782352FC2BE4553D356D80F9DB8F28 Product . . . . . : 7ZSfxNew Publisher . . . . : Oleg N. Scherbakov Description . . . : 7z Setup SFX Version . . . . . : 1.2.0.715 Copyright . . . . : Copyright © 2005-2007 Oleg N. Scherbakov > Kaspersky . . . . : Trojan.Win32.Pasta.vxz Fuzzy . . . . . . 
: 110.0 Forensic Cluster -34.3s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\D\12\9DDACd01 -34.0s C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\healthreport\state.json -33.9s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\4\F9\2CC2Fd01 -25.2s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\7\4E\7FE0Bd01 -23.9s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\1\0D\1A47Ed01 -21.1s C:\Windows\Prefetch\ReadyBoot\Trace2.fx -20.7s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\4\EC\6DA31d01 -19.6s C:\Users\Ale x\AppData\Local\Mozilla\Firefox\Profiles\fx1q1aye.default\Cache\1\97\EBF85d01 -16.0s C:\Users\Ale x\Desktop\adwcleaner.exe -3.0s C:\Users\Ale x\Desktop\JRT.exe 0.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{95C44F69-DFD7-4113-BF8E-755BB8F277DE} 3.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{3C35A0EE-70F4-4540-BD86-D41D14D21536} Cookies _____________________________________________________________________ |
06.08.2013, 18:49 | #12 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected No, it's a false positive; I'll forward it. Please post a final JRT log.
|
06.08.2013, 19:35 | #13 |
| C:\Windows\Installer\3ef28e.msi infected OK, here it is. MSE is now also reporting that JRT is a virus. Can I log in to my e-mail account again now, or is there still a risk? Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ale x on 06.08.2013 at 20:28:07,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Ale x\AppData\Roaming\mozilla\firefox\profiles\fx1q1aye.default\minidumps [88 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 20:31:12,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
06.08.2013, 19:40 | #14 |
/// Malware-holic | C:\Windows\Installer\3ef28e.msi infected Hi, sorry, I meant FRST. You can read your e-mails.
|
06.08.2013, 19:55 | #15 |
| C:\Windows\Installer\3ef28e.msi infected OK, here it is. Is it finally done now, or is there more to come? And thanks for the quick help. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-08-2013
Ran by Ale x (administrator) on 06-08-2013 20:50:19
Running from C:\Users\Ale x\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Mirics Semiconductor Ltd) C:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [HPSYSDRV] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [789504 2012-01-13] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-02-21] (EasyBits Software AS)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKU\Michi\...\Run: [Yontoo Desktop] - "C:\Users\Michi\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
HKU\Michi\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\Michi\...\Policies\system: [DisableLockWorkstation] 0
HKU\Michi\...\Policies\system: [DisableChangePassword] 0
HKU\Michi\...\Policies\system: [LogonHoursAction] 2
HKU\Michi\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {7ABD02B2-A30A-4298-979A-5718F93D506B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\windows\SysWow64\EZUPBH~1.DLL [52920 2012-08-23] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.145 217.0.43.129

FireFox:
========
FF ProfilePath: C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: WOT - C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\Ale x\AppData\Roaming\Mozilla\Firefox\Profiles\fx1q1aye.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox

==================== Services (Whitelisted) =================

R2 hcwD3bda_dvbt; C:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2686464 2011-05-17] (Mirics Semiconductor Ltd)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-19] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-05-16] ()
R3 hcwD3bda; C:\Windows\System32\DRIVERS\hcwD3bda64.sys [121344 2011-05-17] (Mirics)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-05-16] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2012-12-31] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-06 19:03 - 2013-08-06 19:04 - 09853928 _____ (SurfRight B.V.) C:\Users\Ale x\Desktop\HitmanPro_x64.exe
2013-08-06 19:02 - 2013-08-06 19:02 - 00666633 _____ C:\Users\Ale x\Desktop\adwcleaner.exe
2013-08-06 19:02 - 2013-08-06 19:02 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\Ale x\Desktop\JRT.exe
2013-08-06 02:43 - 2013-08-06 02:43 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner
2013-08-05 22:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-05 22:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-05 22:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-05 22:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-05 22:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-05 22:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-05 22:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-05 22:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-05 22:02 - 2013-08-05 22:14 - 00000000 ____D C:\Qoobox
2013-08-05 22:02 - 2013-08-05 22:13 - 00000000 ____D C:\Windows\erdnt
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\ProgramData\PDFC
2013-08-05 21:29 - 2013-08-05 21:30 - 05100695 ____R (Swearware) C:\Users\Ale x\Desktop\ComboFix.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00001270 _____ C:\Users\Ale x\Desktop\Revo Uninstaller.lnk
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-05 21:26 - 2013-08-05 21:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ale x\Desktop\revosetup95.exe
2013-08-05 17:10 - 2013-08-05 17:10 - 00000000 ____D C:\FRST
2013-08-05 17:09 - 2013-08-05 17:09 - 01788733 _____ (Farbar) C:\Users\Ale x\Desktop\FRST64.exe
2013-08-02 15:30 - 2013-08-02 16:16 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-08-02 15:30 - 2013-08-02 15:30 - 00000000 ____D C:\ProgramData\Picroma
2013-08-02 00:29 - 2013-08-02 01:18 - 00000000 ____D C:\Users\Ale x\Desktop\anno
2013-07-31 20:46 - 2013-07-31 20:47 - 03216358 _____ C:\Users\Ale x\Desktop\CubeDemo.zip
2013-07-30 18:10 - 2013-07-30 18:10 - 00000000 ____D C:\Users\Ale x\Desktop\Neue Welt----
2013-07-30 01:05 - 2013-07-30 01:05 - 00000000 ____D C:\Users\Ale x\DOSBoxPortable
2013-07-30 00:47 - 2013-07-30 00:47 - 00000000 ____D C:\Users\Ale x\Neue Welt----
2013-07-29 14:03 - 2013-07-29 14:03 - 00000000 ____D C:\Users\Ale x\Desktop\Paddi
2013-07-28 01:01 - 2013-07-28 01:01 - 00000000 ____D C:\Users\Ale x\Documents\PCSX2
2013-07-27 19:35 - 2013-07-27 19:35 - 01211376 _____ (DVDVideoSoft Ltd. ) C:\Users\Michi\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Podcasts
2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Documents\Media Go
2013-07-27 19:26 - 2013-07-27 19:30 - 00000000 ____D C:\Users\Michi\AppData\Local\Sony
2013-07-27 19:26 - 2013-07-27 19:26 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-07-27 19:25 - 2013-07-27 19:25 - 00000000 ____D C:\Users\Michi\AppData\Local\Downloaded Installations
2013-07-27 19:08 - 2013-07-27 19:33 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Sony
2013-07-27 19:08 - 2013-07-27 19:25 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-07-27 18:58 - 2013-07-27 19:06 - 00181280 _____ C:\Windows\DPINST.LOG
2013-07-27 18:57 - 2013-07-27 19:27 - 00000000 ____D C:\Program Files (x86)\Sony
2013-07-27 18:57 - 2013-07-27 18:57 - 00000000 ____D C:\ProgramData\Sony
2013-07-27 18:53 - 2013-07-27 18:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-25 19:40 - 2013-07-25 19:41 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (3)
2013-07-25 19:10 - 2013-07-25 19:11 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (2)
2013-07-24 17:55 - 2013-07-24 17:55 - 00000000 ____D C:\Users\Ale x\Desktop\Starcraft theme
2013-07-21 00:08 - 2013-07-21 00:11 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-19 12:58 - 2013-07-19 12:58 - 00093628 _____ C:\Users\Ale x\Desktop\RedPower-2-Compat-1.4.7.zip
2013-07-14 22:33 - 2013-07-14 22:33 - 00000837 _____ C:\Users\Ale x\Desktop\Minecraft.exe - Verknüpfung (2).lnk
2013-07-14 21:59 - 2013-07-14 22:00 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-14 20:32 - 2013-07-14 20:32 - 00000222 _____ C:\Users\Michi\Desktop\Age of Empires II HD Edition.url
2013-07-14 08:05 - 2013-07-14 08:05 - 01067456 _____ (Solid State Networks) C:\Users\Michi\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-13 01:19 - 2013-07-20 17:10 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\Adobe
2013-07-13 01:08 - 2013-07-13 01:10 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 14:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 14:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 14:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 14:19 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 14:19 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 14:19 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 14:19 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 14:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 14:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 14:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:00 - 2013-07-10 13:00 - 00000218 _____ C:\Users\Ale x\Desktop\Team Fortress Classic.url
2013-07-10 12:47 - 2013-07-10 12:47 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Deathmatch Source.url
2013-07-10 12:43 - 2013-07-10 12:43 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Blue Shift.url
2013-07-10 11:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:07 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:07 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:07 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:07 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 10:57 - 2013-07-10 10:57 - 00000218 _____ C:\Users\Ale x\Desktop\Half-Life Opposing Force.url
2013-07-09 23:32 - 2013-07-09 23:32 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Source.url
2013-07-09 22:04 - 2013-07-28 05:03 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-07 06:09 - 2013-07-07 06:09 - 00108649 _____ C:\Users\Ale x\Desktop\alexmap.scm
116

==================== One Month Modified Files and Folders =======

2013-08-06 20:34 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 20:34 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 20:29 - 2012-10-09 19:19 - 01364936 _____ C:\Windows\WindowsUpdate.log
2013-08-06 20:26 - 2013-04-14 18:17 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\LogMeIn Hamachi
2013-08-06 20:26 - 2012-12-01 13:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-06 20:26 - 2012-11-03 22:20 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-06 20:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 20:25 - 2009-07-14 06:51 - 00099260 _____ C:\Windows\setupact.log
2013-08-06 20:10 - 2012-08-23 16:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 19:24 - 2013-08-06 19:18 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 19:09 - 2013-05-29 17:01 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 19:04 - 2013-08-06 19:03 - 09853928 _____ (SurfRight B.V.) C:\Users\Ale x\Desktop\HitmanPro_x64.exe
2013-08-06 19:04 - 2012-10-17 19:37 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC39038B-C2C4-4507-B2B5-60F31416CF4C}
2013-08-06 19:02 - 2013-08-06 19:02 - 00666633 _____ C:\Users\Ale x\Desktop\adwcleaner.exe
2013-08-06 19:02 - 2013-08-06 19:02 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\Ale x\Desktop\JRT.exe
2013-08-06 17:35 - 2012-12-29 20:48 - 00000000 ____D C:\Users\Michi\Desktop\WIN-XP
2013-08-06 17:22 - 2013-04-19 21:18 - 00000000 ____D C:\Users\Michi\AppData\Local\LogMeIn Hamachi
2013-08-06 02:45 - 2013-04-06 07:44 - 00000000 ___RD C:\Users\Ale x\Desktop\Spiele
2013-08-06 02:43 - 2013-08-06 02:43 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner
2013-08-06 01:53 - 2012-08-23 16:48 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-06 01:22 - 2013-03-21 22:22 - 00000000 ____D C:\Users\Ale x\9GAG
2013-08-05 22:56 - 2012-10-09 19:28 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DCE04F5E-C4DE-4E9C-BB15-571709D607DD}
2013-08-05 22:48 - 2010-11-21 05:47 - 00391380 _____ C:\Windows\PFRO.log
2013-08-05 22:14 - 2013-08-05 22:02 - 00000000 ____D C:\Qoobox
2013-08-05 22:14 - 2012-10-17 19:37 - 00000000 ___RD C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-05 22:13 - 2013-08-05 22:02 - 00000000 ____D C:\Windows\erdnt
2013-08-05 22:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-05 22:12 - 2012-10-17 19:37 - 00000000 ____D C:\Users\Ale x
2013-08-05 21:58 - 2012-08-23 16:51 - 00000000 ____D C:\ProgramData\Norton
2013-08-05 21:45 - 2012-08-23 16:35 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\ProgramData\PDFC
2013-08-05 21:32 - 2012-10-30 19:11 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\WildTangent
2013-08-05 21:32 - 2012-10-28 02:42 - 00000000 ____D C:\Users\Michi\AppData\Roaming\WildTangent
2013-08-05 21:32 - 2012-08-23 16:42 - 00000000 ____D C:\ProgramData\WildTangent
2013-08-05 21:30 - 2013-08-05 21:29 - 05100695 ____R (Swearware) C:\Users\Ale x\Desktop\ComboFix.exe
2013-08-05 21:27 - 2013-08-05 21:27 - 00001270 _____ C:\Users\Ale x\Desktop\Revo Uninstaller.lnk
2013-08-05 21:27 - 2013-08-05 21:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-05 21:26 - 2013-08-05 21:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ale x\Desktop\revosetup95.exe
2013-08-05 18:34 - 2012-10-28 03:33 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 17:10 - 2013-08-05 17:10 - 00000000 ____D C:\FRST
2013-08-05 17:09 - 2013-08-05 17:09 - 01788733 _____ (Farbar) C:\Users\Ale x\Desktop\FRST64.exe
2013-08-02 16:16 - 2013-08-02 15:30 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-08-02 15:30 - 2013-08-02 15:30 - 00000000 ____D C:\ProgramData\Picroma
2013-08-02 01:18 - 2013-08-02 00:29 - 00000000 ____D C:\Users\Ale x\Desktop\anno
2013-08-01 23:42 - 2013-03-08 22:07 - 00000000 ____D C:\Program Files (x86)\StarCraft
2013-07-31 23:37 - 2013-07-01 23:01 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\.minecraft
2013-07-31 21:40 - 2012-12-30 22:35 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-07-31 20:47 - 2013-07-31 20:46 - 03216358 _____ C:\Users\Ale x\Desktop\CubeDemo.zip
2013-07-31 19:54 - 2013-02-11 14:57 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\CrashDumps
2013-07-31 19:37 - 2013-02-27 14:22 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAle x.job
2013-07-31 11:24 - 2013-02-27 14:22 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAle x
2013-07-31 11:24 - 2012-10-10 17:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-31 11:23 - 2012-12-05 19:03 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-31 11:22 - 2013-02-20 15:59 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\HpUpdate
2013-07-31 11:22 - 2013-02-20 15:59 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\HP Support Assistant
2013-07-30 18:10 - 2013-07-30 18:10 - 00000000 ____D C:\Users\Ale x\Desktop\Neue Welt----
2013-07-30 01:05 - 2013-07-30 01:05 - 00000000 ____D C:\Users\Ale x\DOSBoxPortable
2013-07-30 01:04 - 2012-08-23 16:16 - 00698322 _____ C:\Windows\system32\perfh007.dat
2013-07-30 01:04 - 2012-08-23 16:16 - 00148658 _____ C:\Windows\system32\perfc007.dat
2013-07-30 01:04 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 00:47 - 2013-07-30 00:47 - 00000000 ____D C:\Users\Ale x\Neue Welt----
2013-07-29 19:22 - 2012-10-09 19:22 - 00000000 ____D C:\Users\Michi
2013-07-29 14:03 - 2013-07-29 14:03 - 00000000 ____D C:\Users\Ale x\Desktop\Paddi
2013-07-28 05:03 - 2013-07-09 22:04 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-28 01:01 - 2013-07-28 01:01 - 00000000 ____D C:\Users\Ale x\Documents\PCSX2
2013-07-27 21:34 - 2012-11-02 19:01 - 00000000 ____D C:\Users\Michi\AppData\Local\CrashDumps
2013-07-27 19:35 - 2013-07-27 19:35 - 01211376 _____ (DVDVideoSoft Ltd. ) C:\Users\Michi\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-27 19:33 - 2013-07-27 19:08 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Sony
2013-07-27 19:30 - 2013-07-27 19:26 - 00000000 ____D C:\Users\Michi\AppData\Local\Sony
2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Podcasts
2013-07-27 19:29 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Michi\Documents\Media Go
2013-07-27 19:27 - 2013-07-27 18:57 - 00000000 ____D C:\Program Files (x86)\Sony
2013-07-27 19:26 - 2013-07-27 19:26 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-07-27 19:25 - 2013-07-27 19:25 - 00000000 ____D C:\Users\Michi\AppData\Local\Downloaded Installations
2013-07-27 19:25 - 2013-07-27 19:08 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-07-27 19:06 - 2013-07-27 18:58 - 00181280 _____ C:\Windows\DPINST.LOG
2013-07-27 18:57 - 2013-07-27 18:57 - 00000000 ____D C:\ProgramData\Sony
2013-07-27 18:57 - 2012-08-23 16:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-27 18:53 - 2013-07-27 18:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-25 19:41 - 2013-07-25 19:40 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (3)
2013-07-25 19:11 - 2013-07-25 19:10 - 00000000 ____D C:\Users\Ale x\Desktop\Neuer Ordner (2)
2013-07-24 17:55 - 2013-07-24 17:55 - 00000000 ____D C:\Users\Ale x\Desktop\Starcraft theme
2013-07-24 13:54 - 2012-08-23 16:35 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-23 20:23 - 2013-04-20 15:22 - 00000000 ____D C:\Users\Ale x\Server
2013-07-23 18:37 - 2013-05-04 00:31 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Minecraft Version Changer
2013-07-21 00:11 - 2013-07-21 00:08 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-20 17:10 - 2013-07-13 01:19 - 00000000 ____D C:\Users\ALEX~1\AppData\Local\Adobe
2013-07-20 17:10 - 2012-08-23 16:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-20 17:10 - 2012-08-23 16:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-20 17:10 - 2012-08-23 16:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-20 08:55 - 2012-10-24 11:34 - 00000000 ___RD C:\Users\Ale x\Spiele
2013-07-19 12:58 - 2013-07-19 12:58 - 00093628 _____ C:\Users\Ale x\Desktop\RedPower-2-Compat-1.4.7.zip
2013-07-18 12:01 - 2013-04-09 18:02 - 00000000 ____D C:\Users\Ale x\Icons
2013-07-16 14:12 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 21:43 - 2013-07-06 23:10 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\.minecraft1.5.2
2013-07-14 22:33 - 2013-07-14 22:33 - 00000837 _____ C:\Users\Ale x\Desktop\Minecraft.exe - Verknüpfung (2).lnk
2013-07-14 22:02 - 2012-08-23 16:47 - 00100807 _____ C:\Windows\DirectX.log
2013-07-14 22:00 - 2013-07-14 21:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-14 20:32 - 2013-07-14 20:32 - 00000222 _____ C:\Users\Michi\Desktop\Age of Empires II HD Edition.url
2013-07-14 08:05 - 2013-07-14 08:05 - 01067456 _____ (Solid State Networks) C:\Users\Michi\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-13 01:26 - 2012-10-28 03:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-13 01:26 - 2012-10-28 03:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-13 01:26 - 2012-10-28 03:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-13 01:19 - 2012-10-29 14:03 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Adobe
2013-07-13 01:10 - 2013-07-13 01:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 19:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-10 15:53 - 2013-01-18 20:53 - 00000000 ____D C:\Users\Ale x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-10 14:40 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 14:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 14:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 14:40 - 2009-07-14 06:45 - 00306976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 14:39 - 2013-03-14 20:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 14:39 - 2013-03-14 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 13:00 - 2013-07-10 13:00 - 00000218 _____ C:\Users\Ale x\Desktop\Team Fortress Classic.url
2013-07-10 12:47 - 2013-07-10 12:47 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Deathmatch Source.url
2013-07-10 12:43 - 2013-07-10 12:43 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Blue Shift.url
2013-07-10 10:57 - 2013-07-10 10:57 - 00000218 _____ C:\Users\Ale x\Desktop\Half-Life Opposing Force.url
2013-07-09 23:32 - 2013-07-09 23:32 - 00000219 _____ C:\Users\Ale x\Desktop\Half-Life Source.url
2013-07-08 20:57 - 2013-05-03 20:15 - 00000000 ____D C:\Users\Ale x\doom 1
2013-07-07 17:16 - 2012-10-28 03:12 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichi
2013-07-07 17:16 - 2012-10-28 03:12 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMichi.job
2013-07-07 06:09 - 2013-07-07 06:09 - 00108649 _____ C:\Users\Ale x\Desktop\alexmap.scm
2013-07-07 05:37 - 2013-02-13 22:29 - 00000000 ____D C:\Users\Ale x\Desktop\Repair
2013-07-07 04:31 - 2013-04-05 20:48 - 00000000 ____D C:\Users\Ale x\Desktop\Musik

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 19:16

==================== End Of Log ============================