Log analysis and evaluation: White screen - Task Manager with police notice - worked through everything up to the logfile - would now like to post logfile
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.08.2013, 17:37 | #1 |
When booting Windows I get a white window, and in the Task Manager the police-notice background. I have already worked through all the steps and would now like to post my logfile.
29.08.2013, 17:54 | #2 |
/// the machine /// TB-Ausbilder
hi,
then go ahead and post.
How it works: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
__________________
29.08.2013, 18:32 | #3 |
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 18:14:04
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] - "E:\Office\Office12\GrooveMonitor.exe" [x]
HKU\Pc\...\Run: [Steam] - "E:\Steam\Steam.exe" -silent [x]
HKU\Pc\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Pc\...\Winlogon: [Shell] explorer.exe,C:\Users\Pc\AppData\Roaming\cache.dat [117760 2013-07-08] () <==== ATTENTION
AppInit_DLLs-x32: c:\progra~2\savesh~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll [1050112 2013-01-24] ()

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-06] (BitRaider, LLC)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-22] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)
S3 Microsoft Office Groove Audit Service; E:\Office\Office12\GrooveAuditService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
S1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group)
S1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x]
S3 BSMI; \??\C:\Program Files (x86)\Tseries BIOS Update\BSMIx64.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-29 16:18 - 2013-08-29 16:18 - 00001931 _____ C:\Users\Public\Desktop\avast!
Free Antivirus.lnk
2013-08-26 17:15 - 2013-08-26 17:15 - 00003240 ____N C:\bootsqm.dat
2013-08-26 11:31 - 2013-08-29 16:28 - 00000004 _____ C:\Users\Pc\AppData\Roaming\cache.ini
2013-08-26 11:25 - 2013-08-26 11:26 - 00057182 _____ C:\Users\Pc\Downloads\video.hd.zip
2013-08-25 16:09 - 2013-08-25 16:09 - 03249480 _____ (Unity Technologies ApS) C:\Users\Pc\Downloads\UnityWebPlayer(1).exe
2013-08-25 16:07 - 2013-08-26 11:13 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity
2013-08-25 16:07 - 2013-08-25 16:07 - 03249480 _____ (Unity Technologies ApS) C:\Users\Pc\Downloads\UnityWebPlayer.exe
2013-08-25 10:29 - 2013-08-25 14:39 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo
2013-08-25 10:28 - 2013-08-25 10:28 - 00438096 _____ ( gamigo AG) C:\Users\Pc\Downloads\KingofKings3Downloader.exe
2013-08-25 07:35 - 2013-08-25 08:03 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache
2013-08-25 07:35 - 2013-08-25 07:43 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM
2013-08-25 07:35 - 2013-08-25 07:35 - 00000000 ____D C:\ProgramData\IDM
2013-08-25 07:34 - 2013-08-25 08:04 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-08-24 12:37 - 2013-08-24 12:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk
2013-08-24 12:36 - 2013-08-24 12:36 - 00000000 ____D C:\Users\Pc\Desktop\Video
2013-08-24 05:56 - 2013-08-24 05:56 - 00000000 ____D C:\Windows\System32\appmgmt
2013-08-23 18:34 - 2013-08-25 08:11 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT
2013-08-23 18:27 - 2013-08-23 18:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk
2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables
2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-08-23 14:45 - 2013-08-23 14:45 - 00000000 _____ C:\end
2013-08-22 20:33 - 2013-08-29 15:46 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-22 20:33 - 2013-08-23 15:36 - 00000000 ____D C:\Users\Pc\AppData\Roaming\WinZipper
2013-08-22 15:45 - 2013-08-22 15:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG
2013-08-22 15:45 - 2013-08-22 15:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT
2013-08-22 14:51 - 2013-08-22 14:51 - 00000000 ____D C:\Users\Pc\Desktop\Alte Firefox-Daten
2013-08-22 14:45 - 2013-08-29 15:46 - 00000000 ____D C:\ProgramData\eSafe
2013-08-22 14:45 - 2013-08-25 18:45 - 00000278 _____ C:\Windows\Tasks\Dealply.job
2013-08-22 14:45 - 2013-08-24 06:50 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-08-22 14:45 - 2013-08-24 05:57 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-22 14:45 - 2013-08-22 14:45 - 00003206 _____ C:\Windows\System32\Tasks\Dealply
2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DSite
2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Dealply
2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\Users\Pc\AppData\Local\DealPlyLive
2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\User Data
2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-18 20:33 - 2013-08-18 20:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome
2013-08-18 20:24 - 2013-08-18 20:33 - 00000000 ____D C:\ProgramData\Freemake
2013-08-18 20:24 - 2013-08-18 20:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake
2013-08-18 20:23 - 2013-08-23 18:27 - 00000000 ____D C:\Users\Pc\AppData\Roaming\OpenCandy
2013-08-18 20:23 - 2013-08-18 20:33 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-18 19:45 - 2013-08-18 19:57 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma
2013-08-18 19:31 - 2013-08-18 19:41 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma
2013-08-17 15:30 - 2013-08-17 21:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media
2013-08-17 15:25 - 2013-08-17 15:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2013-08-17 15:22 - 2013-08-18 21:15 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-17 15:06 - 2013-08-17 15:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk
2013-08-17 07:55 - 2013-08-17 12:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 10:11 - 2013-08-15 10:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2
2013-08-15 10:06 - 2013-08-15 10:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-15 10:04 - 2013-08-15 10:05 - 00017361 _____ C:\Windows\DirectX.log
2013-08-14 14:33 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 14:33 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 14:33 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 14:33 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 14:33 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 14:33 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 14:33 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 14:33 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 14:33 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 14:33 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 14:33 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 14:33 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 14:33 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 14:33 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 14:17 - 2013-08-18 11:58 - 00000000 ____D C:\ProgramData\savenshaarrea
2013-08-14 14:12 - 2013-08-14 14:19 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-08-14 14:11 - 2013-08-18 11:58 - 00000000 ____D C:\ProgramData\saveNshaRRe
2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google
2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\BetterSoft
2013-08-14 12:44 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 12:44 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 12:44 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 12:44 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 12:44 - 2013-07-09 15:51 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 12:44 - 2013-07-09 15:51 - 00189440 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2013-08-14 12:44 - 2013-07-09 15:47 - 01472000 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 12:44 - 2013-07-09 15:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 12:44 - 2013-07-09 15:47 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 12:44 - 2013-07-09 15:02 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 12:44 - 2013-07-09 15:01 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2013-08-14 12:44 - 2013-07-09 14:57 - 01167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 12:44 - 2013-07-09 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 12:44 - 2013-07-09 14:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 12:44 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 12:44 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 12:44 - 2013-07-08 06:22 - 05554624 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 12:44 - 2013-07-08 06:20 - 01737688 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 12:44 - 2013-07-08 06:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-08-14 12:44 - 2013-07-08 06:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 12:44 - 2013-07-08 06:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-08-14 12:44 - 2013-07-08 06:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-08-14 12:44 - 2013-07-08 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-08-14 12:44 - 2013-07-08 06:14 - 01162240 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-08-14 12:44 - 2013-07-08 06:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-08-14 12:44 - 2013-07-08 06:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00058368 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-08-14 12:44 - 2013-07-08 06:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 12:44 - 2013-07-08 06:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 12:44 - 2013-07-08 06:06 - 01296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 12:44 - 2013-07-08 06:06 - 00117760 _____ C:\Users\Pc\AppData\Roaming\cache.dat
2013-08-14 12:44 - 2013-07-08 06:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-08-14 12:44 - 2013-07-08 06:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-08-14 12:44 - 2013-07-08 06:05 - 00005120 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\wow32.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 
2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe 2013-08-14 12:44 - 2013-07-08 04:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys 2013-08-14 12:44 - 2013-07-08 04:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe 2013-08-14 12:44 - 2013-07-08 04:12 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00025600 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\setup16.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 12:44 - 2013-07-08 04:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 12:44 - 2013-07-08 04:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 03:50 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-08-14 12:44 - 2013-07-06 06:20 - 01900992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 12:44 - 2013-07-06 06:20 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2013-08-14 12:44 - 2013-07-06 06:20 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2013-08-14 12:44 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-10 22:28 - 2013-08-26 11:34 - 00014728 _____ C:\Windows\PFRO.log 2013-08-10 16:17 - 2013-08-10 16:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 16:16 - 2013-08-10 16:16 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Babylon 2013-08-10 16:16 - 2013-08-10 16:16 - 00000000 ____D C:\ProgramData\Babylon 2013-08-10 14:29 - 2013-08-10 14:29 - 00000000 ____D C:\ProgramData\StarApp 2013-08-10 14:28 - 2013-08-29 16:24 - 00000410 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-08-10 14:28 - 2013-08-14 14:11 - 00002704 _____ 
C:\Windows\System32\Tasks\schedule!3036567561 2013-08-10 14:27 - 2013-08-14 14:20 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-08-10 14:27 - 2013-08-14 14:19 - 00000000 ____D C:\Program Files (x86)\SaveShare 2013-08-10 14:25 - 2013-08-14 14:19 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-10 09:05 - 2013-08-10 09:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-10 09:04 - 2013-08-10 09:05 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-09 16:25 - 2013-08-09 16:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-09 15:18 - 2013-08-29 16:24 - 00004652 _____ C:\Windows\setupact.log 2013-08-09 15:18 - 2013-08-09 15:18 - 00000000 _____ C:\Windows\setuperr.log 2013-08-07 18:23 - 2013-08-07 18:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-07 18:23 - 2013-07-09 01:47 - 00575029 _____ C:\Users\Pc\Desktop\left4uncut.exe 2013-08-06 21:06 - 2013-08-10 09:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-06 21:06 - 2013-08-06 21:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 21:05 - 2013-08-06 21:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 20:56 - 2013-08-06 20:57 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\users\hedev 2013-08-06 18:42 - 2013-08-06 21:20 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 18:42 - 2013-08-06 18:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 18:42 - 2013-08-06 18:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-06 18:39 - 2013-08-16 07:59 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-04 19:26 - 2013-08-04 19:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-07-31 05:59 - 2010-06-02 03:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll 2013-07-31 05:59 - 2010-06-02 03:55 - 
00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll 2013-07-31 05:59 - 2010-06-02 03:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll 2013-07-31 05:59 - 2010-05-26 10:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll 2013-07-31 05:59 - 2010-05-26 10:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll 2013-07-31 05:59 - 2010-05-26 10:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll 2013-07-31 05:59 - 2010-05-26 10:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll 2013-07-31 05:59 - 2010-05-26 10:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll 2013-07-31 05:59 - 2010-02-04 09:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-07-31 05:59 - 2009-09-04 16:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll 2013-07-31 05:59 - 2009-09-04 16:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2013-07-31 05:59 - 2009-09-04 16:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2013-07-31 
05:59 - 2009-09-04 16:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll 2013-07-31 05:59 - 2009-09-04 16:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll 2013-07-31 05:59 - 2009-09-04 16:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll 2013-07-31 05:59 - 2009-09-04 16:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00025936 _____ (Microsoft Corporation) 
C:\Windows\System32\X3DAudio1_5.dll 2013-07-31 05:59 - 2008-10-27 09:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-07-31 05:59 - 2008-07-31 09:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-07-31 05:59 - 2008-07-31 09:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll 2013-07-31 05:59 - 2008-07-31 09:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll 2013-07-31 05:59 - 2008-07-31 09:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-07-31 05:59 - 2008-07-31 09:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll 2013-07-31 05:59 - 2008-07-31 09:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-07-31 05:44 - 2013-07-31 05:44 - 00000000 ____D C:\Users\Pc\AppData\Roaming\SOAGames 2013-07-30 18:17 - 2013-07-30 18:17 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Day 1 Studios 2013-07-30 17:16 - 2010-06-02 03:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2013-07-30 17:16 - 2010-06-02 03:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2013-07-30 17:16 - 2010-06-02 03:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-07-30 17:16 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-07-30 17:16 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2013-07-30 17:16 - 2010-05-26 10:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2013-07-30 17:16 - 2010-05-26 10:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2013-07-30 17:16 - 2010-05-26 10:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2013-07-30 17:16 - 2009-09-04 16:29 - 01974616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\D3DCompiler_42.dll 2013-07-30 14:23 - 2013-08-25 15:36 - 00000000 ____D C:\Users\Pc\Documents\Euro Truck Simulator 2 2013-07-30 09:20 - 2013-07-30 09:20 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2013-07-30 08:56 - 2013-07-30 08:56 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2013-07-30 06:43 - 2013-08-29 16:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-30 06:43 - 2013-07-30 07:13 - 00002055 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-07-30 06:43 - 2013-07-30 07:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-07-30 06:43 - 2013-07-30 06:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Macromedia 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\Users\Pc\AppData\Local\Macromedia 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\ProgramData\McAfee ==================== One Month Modified Files and Folders ======= 2013-08-29 18:13 - 2013-08-29 18:13 - 00000000 ____D C:\FRST 2013-08-29 16:28 - 2013-08-26 11:31 - 00000004 _____ C:\Users\Pc\AppData\Roaming\cache.ini 2013-08-29 16:28 - 2013-07-17 00:27 - 01599885 _____ C:\Windows\WindowsUpdate.log 2013-08-29 16:28 - 2009-07-14 05:45 - 00021088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-29 16:28 - 2009-07-14 05:45 - 00021088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-29 16:26 - 2013-07-29 19:50 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Skype 2013-08-29 16:24 - 2013-08-10 14:28 - 00000410 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-08-29 16:24 - 2013-08-09 15:18 - 00004652 _____ C:\Windows\setupact.log 2013-08-29 16:24 - 2009-07-14 06:08 - 00000006 
____H C:\Windows\Tasks\SA.DAT 2013-08-29 16:23 - 2013-07-30 06:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-29 16:18 - 2013-08-29 16:18 - 00001931 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-08-29 16:18 - 2013-07-17 15:24 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-08-29 16:18 - 2013-07-17 15:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-29 15:46 - 2013-08-22 20:33 - 00000000 ____D C:\Program Files (x86)\WinZipper 2013-08-29 15:46 - 2013-08-22 14:45 - 00000000 ____D C:\ProgramData\eSafe 2013-08-26 17:15 - 2013-08-26 17:15 - 00003240 ____N C:\bootsqm.dat 2013-08-26 11:34 - 2013-08-10 22:28 - 00014728 _____ C:\Windows\PFRO.log 2013-08-26 11:26 - 2013-08-26 11:25 - 00057182 _____ C:\Users\Pc\Downloads\video.hd.zip 2013-08-26 11:13 - 2013-08-25 16:07 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 18:45 - 2013-08-22 14:45 - 00000278 _____ C:\Windows\Tasks\Dealply.job 2013-08-25 16:09 - 2013-08-25 16:09 - 03249480 _____ (Unity Technologies ApS) C:\Users\Pc\Downloads\UnityWebPlayer(1).exe 2013-08-25 16:07 - 2013-08-25 16:07 - 03249480 _____ (Unity Technologies ApS) C:\Users\Pc\Downloads\UnityWebPlayer.exe 2013-08-25 15:36 - 2013-07-30 14:23 - 00000000 ____D C:\Users\Pc\Documents\Euro Truck Simulator 2 2013-08-25 14:39 - 2013-08-25 10:29 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 10:28 - 2013-08-25 10:28 - 00438096 _____ ( gamigo AG) C:\Users\Pc\Downloads\KingofKings3Downloader.exe 2013-08-25 08:11 - 2013-08-23 18:34 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-25 08:04 - 2013-08-25 07:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-25 08:03 - 2013-08-25 07:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 07:43 - 2013-08-25 07:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-25 07:35 - 2013-08-25 07:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-24 12:40 - 2011-04-12 08:43 - 
00696832 _____ C:\Windows\System32\perfh007.dat 2013-08-24 12:40 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\System32\perfc007.dat 2013-08-24 12:40 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-24 12:37 - 2013-08-24 12:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 12:36 - 2013-08-24 12:36 - 00000000 ____D C:\Users\Pc\Desktop\Video 2013-08-24 06:50 - 2013-08-22 14:45 - 00000000 ____D C:\Program Files (x86)\DealPlyLive 2013-08-24 05:57 - 2013-08-22 14:45 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-08-24 05:56 - 2013-08-24 05:56 - 00000000 ____D C:\Windows\System32\appmgmt 2013-08-23 18:27 - 2013-08-23 18:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-23 18:27 - 2013-08-18 20:23 - 00000000 ____D C:\Users\Pc\AppData\Roaming\OpenCandy 2013-08-23 15:36 - 2013-08-22 20:33 - 00000000 ____D C:\Users\Pc\AppData\Roaming\WinZipper 2013-08-23 14:45 - 2013-08-23 14:45 - 00000000 _____ C:\end 2013-08-22 20:33 - 2011-02-19 22:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-08-22 20:33 - 2011-02-18 23:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-08-22 15:45 - 2013-08-22 15:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 15:45 - 2013-08-22 15:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 14:51 - 2013-08-22 14:51 - 00000000 ____D C:\Users\Pc\Desktop\Alte Firefox-Daten 2013-08-22 14:45 - 2013-08-22 14:45 - 00003206 _____ C:\Windows\System32\Tasks\Dealply 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DSite 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Dealply 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D 
C:\Users\Pc\AppData\Local\DealPlyLive 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\User Data 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\ProgramData\DealPlyLive 2013-08-18 21:15 - 2013-08-17 15:22 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-18 20:33 - 2013-08-18 20:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 20:33 - 2013-08-18 20:24 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 20:33 - 2013-08-18 20:23 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 20:24 - 2013-08-18 20:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 19:57 - 2013-08-18 19:45 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 19:41 - 2013-08-18 19:31 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-18 11:58 - 2013-08-14 14:17 - 00000000 ____D C:\ProgramData\savenshaarrea 2013-08-18 11:58 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\saveNshaRRe 2013-08-18 08:13 - 2013-07-22 06:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-17 21:42 - 2013-08-17 15:30 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 15:37 - 2013-07-18 21:42 - 00000000 ____D C:\Users\Pc\Documents\My Games 2013-08-17 15:25 - 2013-08-17 15:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media 2013-08-17 15:06 - 2013-08-17 15:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 12:52 - 2013-08-17 07:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-16 07:59 - 2013-08-06 18:39 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-16 07:59 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-08-15 10:11 - 2013-08-15 10:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 10:06 - 2013-08-15 10:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-15 10:05 - 2013-08-15 10:04 - 00017361 _____ C:\Windows\DirectX.log 2013-08-14 14:55 - 2013-07-17 01:23 - 
00000000 ____D C:\Windows\Panther 2013-08-14 14:27 - 2013-07-18 22:16 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 14:25 - 2013-07-17 01:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-14 14:20 - 2013-08-10 14:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-08-14 14:19 - 2013-08-14 14:12 - 00000000 ____D C:\Program Files (x86)\WebSearch 2013-08-14 14:19 - 2013-08-10 14:27 - 00000000 ____D C:\Program Files (x86)\SaveShare 2013-08-14 14:19 - 2013-08-10 14:25 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\ProgramData\BetterSoft 2013-08-14 14:11 - 2013-08-10 14:28 - 00002704 _____ C:\Windows\System32\Tasks\schedule!3036567561 2013-08-10 16:17 - 2013-08-10 16:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 16:17 - 2013-07-17 00:33 - 00000000 ____D C:\users\Pc 2013-08-10 16:16 - 2013-08-10 16:16 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Babylon 2013-08-10 16:16 - 2013-08-10 16:16 - 00000000 ____D C:\ProgramData\Babylon 2013-08-10 14:29 - 2013-08-10 14:29 - 00000000 ____D C:\ProgramData\StarApp 2013-08-10 09:06 - 2013-08-06 21:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-10 09:05 - 2013-08-10 09:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-10 09:05 - 2013-08-10 09:04 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-09 16:25 - 2013-08-09 16:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-09 15:18 - 2013-08-09 15:18 - 00000000 _____ C:\Windows\setuperr.log 2013-08-07 18:23 - 2013-08-07 18:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-06 21:44 - 2013-07-17 15:26 - 00000000 ____D C:\Program Files\CCleaner 2013-08-06 21:20 - 2013-08-06 18:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 21:06 - 2013-08-06 21:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 
2013-08-06 21:05 - 2013-08-06 21:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 20:57 - 2013-08-06 20:56 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\users\hedev 2013-08-06 18:42 - 2013-08-06 18:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 18:42 - 2013-08-06 18:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-04 19:26 - 2013-08-04 19:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-07-31 05:44 - 2013-07-31 05:44 - 00000000 ____D C:\Users\Pc\AppData\Roaming\SOAGames 2013-07-30 18:17 - 2013-07-30 18:17 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Day 1 Studios 2013-07-30 14:22 - 2013-07-18 21:40 - 00000000 ____D C:\Users\Pc\AppData\Roaming\WinRAR 2013-07-30 09:20 - 2013-07-30 09:20 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2013-07-30 08:56 - 2013-07-30 08:56 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2013-07-30 07:13 - 2013-07-30 06:43 - 00002055 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-07-30 07:13 - 2013-07-30 06:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-07-30 06:45 - 2013-07-30 06:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-30 06:45 - 2013-07-18 21:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-30 06:45 - 2013-07-17 15:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-30 06:45 - 2013-07-17 15:22 - 00000000 ____D C:\Users\Pc\AppData\Local\Adobe 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Macromedia 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\Users\Pc\AppData\Local\Macromedia 2013-07-30 06:43 - 2013-07-30 06:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-30 06:43 - 2013-07-30 06:43 - 
00000000 ____D C:\ProgramData\McAfee
2013-07-30 06:35 - 2013-07-17 23:44 - 00003126 _____ C:\Windows\System32\Tasks\FRAPS
2013-07-30 06:33 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Files to move or delete:
====================
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\Setup.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\VisualCRT\vc2008redist_x86.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DSETUP.dll
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\dsetup32.dll
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DXSETUP.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\data\Star Wars - The Old Republic Uninstaller.exe
C:\Users\Pc\AppData\Roaming\cache.dat
C:\Users\Pc\AppData\Roaming\cache.ini
C:\Users\Pc\AppData\Local\Temp\FreemakeVideoDownloader_3.5.3.3.exe
C:\Users\Pc\AppData\Local\Temp\Tsu5B14192F.dll
C:\Users\Pc\AppData\Local\Temp\TsuDB9AE859.dll
C:\Users\Pc\AppData\Local\Temp\{F432FB64-5DA6-4811-AAFA-15842FD1D992}\Custom.dll
C:\Users\Pc\AppData\Local\Temp\{F432FB64-5DA6-4811-AAFA-15842FD1D992}\Setup.exe
C:\Users\Pc\AppData\Local\Temp\{F432FB64-5DA6-4811-AAFA-15842FD1D992}\_Setup.dll
C:\Users\Pc\AppData\Local\Temp\{0382C834-C502-46DF-A434-8D20D861EAC2}\Custom.dll
C:\Users\Pc\AppData\Local\Temp\{0382C834-C502-46DF-A434-8D20D861EAC2}\Setup.exe
C:\Users\Pc\AppData\Local\Temp\{0382C834-C502-46DF-A434-8D20D861EAC2}\_Setup.dll
C:\Users\Pc\AppData\Local\Temp\WzEF5B5.tmp\video.hd.exe
C:\Users\Pc\AppData\Local\Temp\WzED2DB.tmp\video.hd.exe
C:\Users\Pc\AppData\Local\Temp\WzEB1A7.tmp\Trainer Euro Truck Simulator 2 v 1.1.1 plus 3 by Grom-Skynet.exe
C:\Users\Pc\AppData\Local\Temp\WzE9E5D.tmp\Trainer Euro Truck Simulator 2 v 1.1.1 plus 3 by Grom-Skynet.exe
C:\Users\Pc\AppData\Local\Temp\WzE13AC.tmp\Trainer Euro Truck Simulator 2 v 1.1.1 plus 3 by Grom-Skynet.exe
C:\Users\Pc\AppData\Local\Temp\VSD5F81.tmp\setup-de.exe
C:\Users\Pc\AppData\Local\Temp\VSD5F81.tmp\vcredist_2008_x86\vcredist_x86.exe
C:\Users\Pc\AppData\Local\Temp\VSD5F81.tmp\DotNetFX40\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\Pc\AppData\Local\Temp\VSD5F81.tmp\DotNetFX40\dotNetFx40_Full_x86_x64.exe
C:\Users\Pc\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
C:\Users\Pc\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll
C:\Users\Pc\AppData\Local\Temp\OCS\ocs_v7f.exe
C:\Users\Pc\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8d689b190207dc8cc11c65a624c9879\CheatEngine62.exe
C:\Users\Pc\AppData\Local\Temp\nss4E8D.tmp\nsJSON.dll
C:\Users\Pc\AppData\Local\Temp\eIntaller\CE1523132DDD427f88A13FD5E159B0E8\eGdpSvc.exe
C:\Users\Pc\AppData\Local\Temp\eIntaller\CE1523132DDD427f88A13FD5E159B0E8\eXQ.exe
C:\Users\Pc\AppData\Local\Temp\eIntaller\00F838D6042347d59899FCCAB1ADEB64\eXQ.exe
C:\Users\Pc\AppData\Local\Temp\A191D543-BAB0-7891-A8F6-1BB149FB19D8\Latest\BExternal.dll
C:\Users\Pc\AppData\Local\Temp\A191D543-BAB0-7891-A8F6-1BB149FB19D8\Latest\IEHelper.dll
C:\Users\Pc\AppData\Local\Temp\A191D543-BAB0-7891-A8F6-1BB149FB19D8\Latest\sqlite3.dll
C:\Users\Pc\AppData\Local\Temp\687312.Uninstall\uninstaller.exe
C:\Users\Pc\AppData\Local\Temp\2123078.Uninstall\uninstaller.exe
C:\Users\Pc\AppData\Local\Temp\2117562.Uninstall\uninstaller.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2012-05-09 16:14] - [2012-05-09 16:14] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2012-05-09 16:53] - [2012-05-09 16:53] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D
C:\Windows\SysWOW64\explorer.exe [2012-05-09 16:53] - [2012-05-09 16:53] - 2616320 ____A (Microsoft Corporation) 82B49E32080BF5C469BF877C473B15EB
C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2012-05-09 16:23] - [2012-05-09 16:23] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C C:\Windows\SysWOW64\User32.dll [2012-05-09 16:23] - [2012-05-09 16:23] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-05-09 16:24] - [2012-05-09 16:24] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=Y: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {122eff48-ee77-11e2-a95d-a79839294330} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {122eff48-ee77-11e2-a95d-a79839294330} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[C:]\Recovery\122eff4a-ee77-11e2-a95d-a79839294330\Winre.wim,{122eff4b-ee77-11e2-a95d-a79839294330} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice 
ramdisk=[C:]\Recovery\122eff4a-ee77-11e2-a95d-a79839294330\Winre.wim,{122eff4b-ee77-11e2-a95d-a79839294330} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {122eff48-ee77-11e2-a95d-a79839294330} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=Y: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {122eff4b-ee77-11e2-a95d-a79839294330} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\122eff4a-ee77-11e2-a95d-a79839294330\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 4095.24 MB Available physical RAM: 3545.4 MB Total Pagefile: 4093.44 MB Available Pagefile: 3530.45 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives 
================================
Drive c: (Windows 7) (Fixed) (Total:44.58 GB) (Free:1.8 GB) NTFS
Drive e: (Speicher) (Fixed) (Total:298.34 GB) (Free:288.11 GB) NTFS
Drive f: (Spiele) (Fixed) (Total:122.74 GB) (Free:53.75 GB) NTFS
Drive h: (INTENSO) (Removable) (Total:3.61 GB) (Free:2.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E7C775AB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=06)
LastRegBack: 2013-08-24 06:16
==================== End Of Log ============================
--- --- ---
hi schrauber, what happens next? regards, aneliera |
30.08.2013, 07:15 | #4 |
/// the machine /// TB-Ausbilder | Please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKU\Pc\...\Winlogon: [Shell] explorer.exe,C:\Users\Pc\AppData\Roaming\cache.dat [117760 2013-07-08] () <==== ATTENTION
C:\Users\Pc\AppData\Roaming\cache.dat
C:\Users\Pc\AppData\Roaming\cache.ini
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally.
__________________ regards, schrauber - Proud Member of UNITE and ASAP since 2009 - Donate - Guides and help - Trojaner-Board Facebook page - No help via PM! |
30.08.2013, 19:29 | #5 |
| Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by SYSTEM at 2013-08-30 20:22:18 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Pc\...\Winlogon: [Shell] explorer.exe,C:\Users\Pc\AppData\Roaming\cache.dat [117760 2013-07-08] () <==== ATTENTION
C:\Users\Pc\AppData\Roaming\cache.dat
C:\Users\Pc\AppData\Roaming\cache.ini
*****************
HKU\Pc\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Pc\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Pc\AppData\Roaming\cache.ini => Moved successfully.
==== End of Fixlog ==== |
31.08.2013, 10:43 | #6 |
/// the machine /// TB-Ausbilder | Then from now on, control scans in normal mode: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
31.08.2013, 12:48 | #7 |
| Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.31.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Pc :: PC-PC [Administrator] Schutz: Aktiviert 31.08.2013 12:10:59 mbam-log-2013-08-31 (12-10-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 428654 Laufzeit: 42 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1144 -> Löschen bei Neustart. C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> 1968 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 28 HKCR\CLSID\{E8572D1D-25D8-6561-3E3F-D998E9A0F0AE} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8572D1D-25D8-6561-3E3F-D998E9A0F0AE} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8572D1D-25D8-6561-3E3F-D998E9A0F0AE} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8572D1D-25D8-6561-3E3F-D998E9A0F0AE} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{0499A913-506A-9F01-A9BE-C3ECEDFA9584} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0499A913-506A-9F01-A9BE-C3ECEDFA9584} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0499A913-506A-9F01-A9BE-C3ECEDFA9584} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0499A913-506A-9F01-A9BE-C3ECEDFA9584} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E87F3511-9587-7141-8D86-4FC403DA83A3} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87F3511-9587-7141-8D86-4FC403DA83A3} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87F3511-9587-7141-8D86-4FC403DA83A3} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87F3511-9587-7141-8D86-4FC403DA83A3} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5893F518-9984-CABD-81CF-5F739F1D7DD7} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D78F37F3-39F0-AB88-B70D-8205908ED9F6} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{712BD0D1-CF77-FE5B-C0D8-AE709D01B7A5} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0Z1N1J -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bösartig: (c:\progra~2\savesh~1\sprote~1.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bösartig: (c:\progra~2\websea~1\sprote~1.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 17 C:\Users\Pc\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BetterSoft\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart. C:\ProgramData\BetterSoft\OptimizerPro\3036567561 (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\OpenCandy\10B8B2A652974DEB8CBB517F778E800C (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\OpenCandy\B08D66AD1AAD4A8A8917EAB388BAB620 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\OpenCandy\EF4833E6F0FB442DB212FE532220C845 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Dateien: 37 C:\Program Files (x86)\SaveShare\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\savenshaarrea\520b83c1263a1.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\savenshaarrea\520b83479088f.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\saveNshaRRe\520b81d74144a.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\cache.dat (Trojan.FakeAlert.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{35F6E892-3301-4F90-AD7B-7B23EE15CA64}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{35F6E892-3301-4F90-AD7B-7B23EE15CA64}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{79FAFF69-6456-4564-A78F-2C74A219DD9F}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{79FAFF69-6456-4564-A78F-2C74A219DD9F}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{A4FD514D-7D93-4B7B-A990-35B17F1E73BB}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\{A4FD514D-7D93-4B7B-A990-35B17F1E73BB}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\savenshaarrea\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\saveNshaRRe\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Pc\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\OpenCandy\EF4833E6F0FB442DB212FE532220C845\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\Downloads\video.hd.zip (Trojan.FakeAlert.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Program Files (x86)\SaveShare\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Program Files (x86)\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Löschen bei Neustart. C:\Windows\Tasks\schedule!3036567561.job (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pc\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BetterSoft\OptimizerPro\3036567561.ini (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart. C:\Users\Pc\AppData\Roaming\OpenCandy\10B8B2A652974DEB8CBB517F778E800C\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Pc\AppData\Roaming\OpenCandy\B08D66AD1AAD4A8A8917EAB388BAB620\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\Setup.dat (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.001 - Report created 31/08/2013 at 13:03:45 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Pc - PC-PC # Running from : G:\adwcleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : winzipersvc ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\BetterSoft Folder Deleted : C:\ProgramData\eSafe Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\StarApp Folder Deleted : C:\ProgramData\savenshaarrea Folder Deleted : C:\ProgramData\saveNshaRRe Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\savenshaarrea Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saveNshaRRe Folder Deleted : C:\Program Files (x86)\DealPly Folder Deleted : C:\Program Files (x86)\optimizer pro Folder Deleted : C:\Program Files (x86)\WebSearch Folder Deleted : C:\Program Files (x86)\WinZipper Folder Deleted : C:\Users\Pc\AppData\Roaming\DSite Folder Deleted : C:\Users\Pc\AppData\Roaming\WinZipper Folder Deleted : C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\paigdpbplbcipjjimkahdflpecckmhip Folder Deleted : C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnbeicpllklbeeehbdebfkdndlgace File Deleted : C:\END File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml File Deleted : C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jsvdjfs6.default-1377179460559\searchplugins\Web Search.xml File Deleted : C:\Windows\Tasks\Dealply.job File Deleted : C:\Windows\System32\Tasks\Dealply ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : 
C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Shortcut Disinfected : C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a Key Deleted : HKLM\SOFTWARE\e28b8fb638ea15 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\BI Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\delta-homesSoftware Key Deleted : HKLM\Software\eSafeSecControl Key Deleted : HKLM\Software\qvo6Software Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\Software\Uniblue\DriverScanner Key Deleted : HKLM\Software\V9 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main [Start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v23.0.1 (de) [ File : C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jsvdjfs6.default-1377179460559\prefs.js ] Line Deleted : user_pref("aol_toolbar.default.homepage.check", false); Line Deleted : user_pref("aol_toolbar.default.search.check", false); Line Deleted : user_pref("browser.search.defaultenginename", "Web Search"); Line Deleted : user_pref("browser.search.order.1", "delta-homes"); Line Deleted : user_pref("browser.search.selectedEngine", "Web Search"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=aeca5b68-2695-618a-1dec-95579543dcb2&searchtype=hp&fr=linkury-tb&installDate=23/08/2013&ty[...] 
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false); Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Line Deleted : user_pref("extensions.helperbar.Visibility", true); Line Deleted : user_pref("extensions.helperbar.countryiso", "de"); Line Deleted : user_pref("extensions.helperbar.downloadprovider", "yahoooc"); Line Deleted : user_pref("extensions.helperbar.installationid", "aeca5b68-2695-618a-1dec-95579543dcb2"); Line Deleted : user_pref("extensions.helperbar.installdate", "23/08/2013"); Line Deleted : user_pref("extensions.helperbar.publisher", "yahoooc"); Line Deleted : user_pref("extensions.helperbar.type", "hp1000"); Line Deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=aeca5b68-2695-618a-1dec-95579543dcb2&searchtype=ds&fr=linkury-tb&installDate=23/08/2013&type=hp1000&p="[...] 
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v [ File : C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [12654 octets] - [31/08/2013 13:03:09] AdwCleaner[S0].txt - [9195 octets] - [31/08/2013 13:03:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9255 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x64
Ran by Pc on 31.08.2013 at 13:13:43,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\uniblue
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\saveshare"
~~~ FireFox
Emptied folder: C:\Users\Pc\AppData\Roaming\mozilla\firefox\profiles\jsvdjfs6.default-1377179460559\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2013 at 13:21:43,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 01 Ran by Pc (administrator) on PC-PC on 31-08-2013 13:31:22 Running from G:\ Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKCU\...\Run: [Steam] - E:\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] - E:\Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AACS-00ZUB0_WD-WCASU602520225202&ts=1377179147
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AACS-00ZUB0_WD-WCASU602520225202&ts=1377179147
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Office\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jsvdjfs6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Extension: (savenshaarrea ) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpiecnejkncpcoccmhdhkkggpdkefpme\1
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-06] (BitRaider, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; E:\Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group)
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26]
(BIOSTAR Group) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x] S3 BSMI; \??\C:\Program Files (x86)\Tseries BIOS Update\BSMIx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-31 13:13 - 2013-08-31 13:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 13:07 - 2013-08-31 13:31 - 00013308 _____ C:\Windows\WindowsUpdate.log 2013-08-31 13:03 - 2013-08-31 13:03 - 00000000 ____D C:\AdwCleaner 2013-08-31 12:02 - 2013-08-31 12:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-31 12:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-30 22:12 - 2013-08-30 22:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-30 22:09 - 2013-08-30 22:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk 2013-08-30 22:09 - 2013-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Gameforge 2013-08-30 22:00 - 2013-08-30 22:06 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe 2013-08-30 21:53 - 2013-08-30 21:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe 2013-08-30 21:50 - 2013-08-30 21:51 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe 2013-08-29 19:13 - 2013-08-29 19:13 - 00000000 ____D C:\FRST 2013-08-29 17:18 - 2013-08-29 17:18 - 00001931 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-08-25 17:07 - 2013-08-26 12:13 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 11:29 - 2013-08-25 15:39 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 08:35 - 2013-08-30 22:08 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-25 08:35 - 2013-08-25 09:03 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 08:35 - 2013-08-25 08:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-25 08:34 - 2013-08-25 09:04 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-24 13:37 - 2013-08-24 13:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 13:36 - 2013-08-24 13:36 - 00000000 ____D C:\Users\Pc\Desktop\Video 2013-08-24 06:56 - 2013-08-24 06:56 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-23 19:34 - 2013-08-25 09:11 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-23 19:27 - 2013-08-23 19:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-22 16:45 - 2013-08-22 16:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 16:45 - 2013-08-22 16:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 15:51 - 2013-08-22 15:51 - 00000000 ____D C:\Users\Pc\Desktop\Alte Firefox-Daten 2013-08-22 15:45 - 2013-08-22 15:45 - 00000000 ____D C:\User Data 2013-08-18 21:33 - 2013-08-18 21:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 21:24 - 2013-08-18 21:33 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 21:24 - 2013-08-18 21:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 21:23 - 2013-08-18 21:33 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 20:45 - 2013-08-18 20:57 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 20:31 - 2013-08-18 20:41 - 04583358 _____ 
C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-17 16:30 - 2013-08-17 22:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 16:25 - 2013-08-17 16:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media 2013-08-17 16:22 - 2013-08-18 22:15 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-17 16:06 - 2013-08-17 16:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 08:55 - 2013-08-17 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 11:11 - 2013-08-15 11:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 11:06 - 2013-08-15 11:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-14 15:33 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 15:33 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 15:33 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 15:33 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 15:33 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 15:33 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 15:33 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 15:33 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 15:33 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 15:33 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 15:33 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 15:33 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 15:11 - 2013-08-14 15:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 2013-08-14 13:44 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 13:44 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 13:44 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 13:44 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 13:44 - 2013-07-09 16:51 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 13:44 - 2013-07-09 16:51 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 01472000 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 13:44 - 2013-07-09 16:02 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 13:44 - 2013-07-09 16:01 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 01167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 13:44 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 13:44 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 
13:44 - 2013-07-08 07:22 - 05554624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 13:44 - 2013-07-08 07:20 - 01737688 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-08-14 13:44 - 2013-07-08 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-14 13:44 - 2013-07-08 07:14 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-08-14 13:44 - 2013-07-08 07:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-08-14 13:44 - 2013-07-08 07:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 13:44 - 2013-07-08 07:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 13:44 - 2013-07-08 07:06 - 01296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2013-08-14 13:44 - 2013-07-08 05:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2013-08-14 13:44 - 2013-07-08 05:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2013-08-14 13:44 - 2013-07-08 05:12 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 13:44 - 2013-07-08 05:07 - 00007680 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 13:44 - 2013-07-08 05:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 04:50 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-14 13:44 - 2013-07-06 07:20 - 01900992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 13:44 - 2013-07-06 07:20 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2013-08-14 13:44 - 2013-07-06 07:20 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2013-08-14 13:44 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-10 17:17 - 2013-08-10 17:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 10:05 - 2013-08-10 10:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-10 10:04 - 2013-08-30 21:43 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-09 17:25 - 2013-08-09 17:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-07 19:23 - 2013-08-07 19:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-07 19:23 - 2013-07-09 02:47 - 00575029 _____ C:\Users\Pc\Desktop\left4uncut.exe 2013-08-06 22:06 - 2013-08-10 10:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 22:05 - 2013-08-06 22:05 - 
00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 21:56 - 2013-08-06 21:57 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 21:56 - 2013-08-06 21:56 - 00000000 ____D C:\Users\hedev 2013-08-06 19:42 - 2013-08-06 22:20 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 19:42 - 2013-08-06 19:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-06 19:39 - 2013-08-16 08:59 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-04 20:26 - 2013-08-04 20:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-08-02 12:21 - 2013-08-02 12:21 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo ==================== One Month Modified Files and Folders ======= 2013-08-31 13:22 - 2013-07-30 07:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-31 13:21 - 2013-08-31 13:21 - 00001250 _____ C:\Users\Pc\Desktop\JRT.txt 2013-08-31 13:13 - 2013-08-31 13:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 13:12 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-31 13:12 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-31 13:06 - 2013-07-17 16:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update
2013-08-31 13:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 13:03 - 2013-08-31 13:03 - 00000000 ____D C:\AdwCleaner
2013-08-31 13:03 - 2013-07-17 01:34 - 00000998 _____ C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-31 13:00 - 2013-07-29 20:50 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Skype
2013-08-31 12:05 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-08-31 12:05 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-08-31 12:05 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 12:02 - 2013-08-31 12:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Malwarebytes
2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-31 08:09 - 2013-07-30 15:23 - 00000000 ____D C:\Users\Pc\Documents\Euro Truck Simulator 2
2013-08-30 22:12 - 2013-08-30 22:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 22:09 - 2013-08-30 22:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk
2013-08-30 22:09 - 2013-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Gameforge
2013-08-30 22:08 - 2013-08-25 08:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM
2013-08-30 22:08 - 2013-07-17 02:23 - 00000000 ____D C:\Windows\Panther
2013-08-30 22:06 - 2013-08-30 22:00 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe
2013-08-30 21:53 - 2013-08-30 21:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe
2013-08-30 21:51 - 2013-08-30 21:50 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe
2013-08-30 21:43 - 2013-08-10 10:04 - 00000000 ____D C:\Program Files (x86)\plaync
2013-08-29 19:13 - 2013-08-29 19:13 - 00000000 ____D C:\FRST
2013-08-29 17:18 - 2013-08-29 17:18 - 00001931 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-29 17:18 - 2013-07-17 16:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-26 12:13 - 2013-08-25 17:07 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity
2013-08-25 15:39 - 2013-08-25 11:29 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo
2013-08-25 09:11 - 2013-08-23 19:34 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT
2013-08-25 09:04 - 2013-08-25 08:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-08-25 09:03 - 2013-08-25 08:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache
2013-08-25 08:35 - 2013-08-25 08:35 - 00000000 ____D C:\ProgramData\IDM
2013-08-24 13:37 - 2013-08-24 13:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk
2013-08-24 13:36 - 2013-08-24 13:36 - 00000000 ____D C:\Users\Pc\Desktop\Video
2013-08-24 06:56 - 2013-08-24 06:56 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-23 19:27 - 2013-08-23 19:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk
2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables
2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-08-22 21:33 - 2011-02-19 23:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-22 21:33 - 2011-02-19 00:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-22 16:45 - 2013-08-22 16:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG
2013-08-22 16:45 - 2013-08-22 16:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT
2013-08-22 15:51 - 2013-08-22 15:51 - 00000000 ____D C:\Users\Pc\Desktop\Alte Firefox-Daten
2013-08-22 15:45 - 2013-08-22 15:45 - 00000000 ____D C:\User Data
2013-08-18 22:15 - 2013-08-17 16:22 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-18 21:33 - 2013-08-18 21:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome
2013-08-18 21:33 - 2013-08-18 21:24 - 00000000 ____D C:\ProgramData\Freemake
2013-08-18 21:33 - 2013-08-18 21:23 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-18 21:24 - 2013-08-18 21:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake
2013-08-18 20:57 - 2013-08-18 20:45 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma
2013-08-18 20:41 - 2013-08-18 20:31 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma
2013-08-18 09:13 - 2013-07-22 07:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 22:42 - 2013-08-17 16:30 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media
2013-08-17 16:37 - 2013-07-18 22:42 - 00000000 ____D C:\Users\Pc\Documents\My Games
2013-08-17 16:25 - 2013-08-17 16:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2013-08-17 16:06 - 2013-08-17 16:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk
2013-08-17 13:52 - 2013-08-17 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 08:59 - 2013-08-06 19:39 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt
2013-08-16 08:59 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-15 11:11 - 2013-08-15 11:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2
2013-08-15 11:06 - 2013-08-15 11:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-14 15:27 - 2013-07-18 23:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 15:25 - 2013-07-17 02:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 15:11 - 2013-08-14 15:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google
2013-08-10 17:17 - 2013-08-10 17:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-10 17:17 - 2013-07-17 01:33 - 00000000 ____D C:\Users\Pc
2013-08-10 10:06 - 2013-08-06 22:06 - 00000000 ____D C:\ProgramData\BitRaider
2013-08-10 10:05 - 2013-08-10 10:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log
2013-08-09 17:25 - 2013-08-09 17:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium
2013-08-07 19:23 - 2013-08-07 19:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini
2013-08-06 22:44 - 2013-07-17 16:26 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 22:20 - 2013-08-06 19:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client
2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-08-06 22:05 - 2013-08-06 22:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf
2013-08-06 21:57 - 2013-08-06 21:56 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log
2013-08-06 21:56 - 2013-08-06 21:56 - 00000000 ____D C:\Users\hedev
2013-08-06 19:42 - 2013-08-06 19:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-08-04 20:26 - 2013-08-04 20:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-02 12:21 - 2013-08-02 12:21 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo

Files to move or delete:
====================
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\Setup.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\VisualCRT\vc2008redist_x86.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DSETUP.dll
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\dsetup32.dll
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DXSETUP.exe
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\data\Star Wars - The Old Republic Uninstaller.exe
C:\Users\Pc\AppData\Local\Temp\Quarantine.exe
C:\Users\Pc\AppData\Local\Temp\{2BD717D7-ED1B-47A7-833B-676E0025335C}\InstallshieldWebClient.dll
C:\Users\Pc\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-05-09 17:14] - [2012-05-09 17:14] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-05-09 17:53] - [2012-05-09 17:53] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D

C:\Windows\SysWOW64\explorer.exe
[2012-05-09 17:53] - [2012-05-09 17:53] - 2616320 ____A (Microsoft Corporation) 82B49E32080BF5C469BF877C473B15EB

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-05-09 17:23] - [2012-05-09 17:23] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C

C:\Windows\SysWOW64\User32.dll
[2012-05-09 17:23] - [2012-05-09 17:23] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-05-09 17:24] - [2012-05-09 17:24] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA

LastRegBack: 2013-08-24 07:16

==================== End Of Log ============================
--- --- ---
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2013 01
Ran by Pc at 2013-08-31 13:31:46 Running from G:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AION Free-To-Play (x32 Version: 2.70.0000)
Aliens: Colonial Marines (x32)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
BitRaider Web Client (x32 Version: 1.1.8.1)
Bulletstorm (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
Cheat Engine 6.3 (x32)
Duke Nukem Forever (x32)
DUNGEONS Game of the Year edition (x32 Version: 1.3.3.0)
eaner (Version: 4.03)
Euro Truck Simulator 2 (x32 Version: 1.1.1)
F.E.A.R. 3 (x32)
Google Update Helper (x32 Version: 1.3.23.0)
Landwirtschafts Simulator 2011 (x32 Version: 1.0)
Left 4 Dead 2 (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
NC Launcher (GameForge) (x32)
NCLauncher (plaync) (x32)
NVIDIA PhysX (x32 Version: 9.10.0513)
Painkiller Hell & Damnation (x32)
Risen 2 - Dark Waters (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (x32 Version: 3.0.11)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinZipper (x32 Version: 1.4.8)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00E021FB-3621-4DC9-952F-F75CFD0ADF7B} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe No File
Task: {0E968A56-B1D4-4EC0-86E4-5E7B6EC8D0BC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {222077B0-2C6A-44D8-A859-BF10F6190996} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {600201FA-5B7E-43AF-810F-F681AB7951BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-30] (Adobe Systems Incorporated)
Task: {8AE29DC0-5EA0-4449-98E8-C8C62C4E34B1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2336365200-1394181775-1535421028-1000
Task: {8F1CC0C5-6A28-4FE1-B0D7-1493CE17AE9C} - \Dealply No Task File
Task: {D020CE08-47E0-4609-ADE3-02672C0504F2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {F5A5640D-8592-44A4-BE14-94F7C243E186} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 04:37 - 2013-03-29 04:37 - 00139696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-03-29 04:37 - 2013-03-29 04:37 - 01155264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-03-29 04:36 - 2013-03-29 04:36 - 08272136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-07-17 16:23 - 2013-05-09 10:58 - 00302224 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\snxhk64.dll
2013-04-26 06:36 - 2013-04-26 06:36 - 09797768 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
2010-03-18 14:27 - 2010-03-18 14:27 - 00827744 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100_CLR0400.dll
2013-08-17 23:37 - 2013-08-17 23:37 - 19358208 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\cb653b6b8da0966098d70da98cba1ef3\mscorlib.ni.dll
2013-04-26 06:36 - 2013-04-26 06:36 - 00068760 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
2012-10-09 10:26 - 2012-10-09 10:26 - 01511000 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
2013-08-17 23:37 - 2013-08-17 23:37 - 11892224 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System\38cbf4b6872aa8f5e31d3421acdfd80d\System.ni.dll
2013-08-22 20:29 - 2013-08-22 20:29 - 02306560 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\f9a3db5c12a423c8452e4bc33f3bf2d8\System.Drawing.ni.dll
2013-08-22 20:30 - 2013-08-22 20:30 - 17355776 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\771380e1dd1d349f7b1de86f5a0ed713\System.Windows.Forms.ni.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00097792 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2013-03-28 22:13 - 2013-03-28 22:13 - 00031744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00025088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00048640 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2013-08-22 20:29 - 2013-08-22 20:29 - 00995328 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\f93d5d3b7b96ded7d494fb2e4cd231db\System.Runtime.Remoting.ni.dll
2013-08-22 20:27 - 2013-08-22 20:27 - 10440192 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\48c9534b3cc8f11403f0542d7933e15f\System.Core.ni.dll
2013-08-22 20:29 - 2013-08-22 20:29 - 15782912 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\a689e5d1260a0772dbffda9cbf1b3545\System.Web.ni.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00022528 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2013-03-28 22:13 - 2013-03-28 22:13 - 00015872 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2013-08-22 20:27 - 2013-08-22 20:27 - 07062016 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\d71664672edd04f493a8cf12c3303019\System.Xml.ni.dll
2013-08-22 20:26 - 2013-08-22 20:26 - 01291264 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\cd54961311941c9b78206daf90177ea9\System.Configuration.ni.dll
2013-07-17 03:20 - 2013-07-17 03:20 - 00322400 _____ (Microsoft Corporation) C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00038912 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00029696 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-11-07 07:08 - 2012-11-07 07:08 - 00188928 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00035328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2013-03-28 22:13 - 2013-03-28 22:13 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00045056 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00016384 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2013-03-29 03:35 - 2013-03-29 03:35 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGY.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00007168 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.A4.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.A4.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\A4.Foundation.dll
2013-08-22 20:30 - 2013-08-22 20:30 - 00281088 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\3db4bc1be7f86051097ec8bdd700a67f\System.ServiceProcess.ni.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00006144 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00008704 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00006656 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2013-08-22 20:28 - 2013-08-22 20:28 - 05237760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3b2b52955e90267a01173047fc345b4e\WindowsBase.ni.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00026112 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00057856 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00159744 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects2.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00069632 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00051200 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00006656 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2012-05-14 09:35 - 2012-05-14 09:35 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00014336 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00015872 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00012288 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00067072 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2013-07-17 03:20 - 2013-07-17 03:20 - 00438648 _____ (Microsoft Corporation) C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00385024 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00037376 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2013-08-22 20:28 - 2013-08-22 20:28 - 15909376 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\f667ef84c6cbf994068667e5ad0e0115\PresentationCore.ni.dll
2013-08-22 20:29 - 2013-08-22 20:29 - 24411648 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d7c8d42f4a18a45fe53870db95360cc4\PresentationFramework.ni.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 01443328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2013-08-22 20:27 - 2013-08-22 20:27 - 02475520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\97b58d8732145eb6a771324da836f0f0\System.Xaml.ni.dll
2013-07-23 13:35 - 2013-07-23 13:35 - 02154656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
2010-03-18 14:27 - 2010-03-18 14:27 - 01098096 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00413696 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Systemtray.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00175616 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-05-04 16:42 - 2012-05-04 16:42 - 00098304 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00035840 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.WirelessDisplay.Graphics.Shared.dll
2013-03-28 22:13 - 2013-03-28 22:13 - 00545792 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2013-03-28 22:13 - 2013-03-28 22:13 - 00342528 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.A4.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00176128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 01097728 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 01416192 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2013-03-28 22:16 - 2013-03-28 22:16 - 00627712 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 00369664 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2013-03-28 22:16 - 2013-03-28 22:16 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2013-03-28 22:15 - 2013-03-28 22:15 - 02498560 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00028672 _____ (Advanced Micro Devices Inc.)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll 2013-03-28 22:16 - 2013-03-28 22:16 - 00217088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll 2013-03-28 22:16 - 2013-03-28 22:16 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll 2013-03-28 22:16 - 2013-03-28 22:16 - 00101888 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll 2013-03-28 22:17 - 2013-03-28 22:17 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll 2013-03-28 22:15 - 2013-03-28 22:15 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll 2013-03-28 22:17 - 2013-03-28 22:17 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll 2013-03-28 22:17 - 2013-03-28 22:17 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll 2013-03-28 22:15 - 2013-03-28 22:15 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll 2013-03-28 22:13 - 2013-03-28 22:13 - 00384512 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.de_Localization.dll 2013-03-28 22:14 - 2013-03-28 22:14 - 00311296 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll 2013-03-29 04:37 - 2013-03-29 04:37 - 00112440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2013-03-29 04:36 - 2013-03-29 04:36 - 06985624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2013-03-29 04:36 - 2013-03-29 04:36 - 05000320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll 2013-08-22 20:29 - 2013-08-22 20:29 - 00622592 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\5516952f66f039d116ca43e31ad8e423\PresentationFramework.Aero.ni.dll 2013-07-17 03:20 - 2013-07-17 03:20 - 00267648 _____ (Microsoft Corporation) C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 2013-07-17 03:20 - 2013-07-17 03:20 - 00230240 _____ (Microsoft Corporation) C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 2013-03-28 22:16 - 2013-03-28 22:16 - 00061952 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll 2013-03-28 22:16 - 2013-03-28 22:16 - 01351680 _____ (Advanced Micro Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll 2013-03-28 22:12 - 2013-03-28 22:12 - 00490496 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.Shell.dll 2013-03-28 22:12 - 2013-03-28 22:12 - 00083456 _____ (Microsoft) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Microsoft.WindowsAPICodePack.dll 2013-07-17 03:20 - 2013-07-17 03:20 - 00110960 _____ (Microsoft Corporation) C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationCore.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll 2013-08-22 20:34 - 2013-08-22 20:34 - 00337408 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\2e49157228533dff5a0e96fdd8f29317\WindowsFormsIntegration.ni.dll 2013-08-22 20:30 - 2013-08-22 20:30 - 00122368 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\5e25c6e63fe9de2f9f8056c9275a363e\UIAutomationProvider.ni.dll 2013-03-28 22:15 - 2013-03-28 22:15 - 00020480 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll 2013-07-17 16:23 - 2013-05-09 10:58 - 00133840 _____ (AVAST Software) C:\Program Files\AVAST Software\Avast\ashShA64.dll 2009-07-14 01:36 - 2009-07-14 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\sdautoplay.dll 2012-05-09 16:17 - 2012-05-09 16:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\SPP.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\VSSAPI.DLL 2009-07-14 01:36 - 2009-07-14 03:41 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\VssTrace.DLL 2010-11-21 05:25 - 2010-11-21 05:25 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2012-05-09 16:50 - 2012-05-09 16:50 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 4095.24 MB Available physical RAM: 2831.63 MB Total Pagefile: 8188.67 MB Available Pagefile: 6620.55 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:44.58 GB) (Free:2 GB) NTFS Drive d: (Speicher) (Fixed) (Total:298.34 GB) (Free:280.66 GB) NTFS Drive e: (Spiele) (Fixed) (Total:122.74 GB) (Free:53.75 GB) NTFS Drive g: (INTENSO) (Removable) (Total:3.61 GB) (Free:2.71 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E7C775AB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=123 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=4 GB) - (Type=06) ==================== End Of Log ============================ |
31.08.2013, 14:25 | #8 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
31.08.2013, 17:25 | #9 |
| Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=40f96fe03c98a74b865f1f79014cdf80
# engine=14965
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-31 03:35:26
# local_time=2013-08-31 05:35:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 3892274 154673198 0 0
# compatibility_mode=5893 16776573 100 94 15446 129593176 0 0
# scanned=214818
# found=3
# cleaned=0
# scan_time=3015
sh=9474B17763E295CABFA6EE26867FCB38DCCD898A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnbeicpllklbeeehbdebfkdndlgace\1\520b81d7412629.54805833.js.vir"
sh=634974BE2F6C8BEC5330DEFE405949C7D11E340D ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\paigdpbplbcipjjimkahdflpecckmhip\1\520b83c1261943.23681405.js.vir"
sh=3355BBEAB8839248B30E8E835156157F35BCF918 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpiecnejkncpcoccmhdhkkggpdkefpme\1\520b8347906484.29885416.js"
Code:
ATTFilter unsupported operating system! Aborted! |
31.08.2013, 20:44 | #10 |
/// the machine /// TB-Ausbilder | Uninstall Chrome, keep no data, reinstall. Fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.09.2013, 15:16 | #11 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 01 Ran by SYSTEM on MININT-93T6N9S on 01-09-2013 16:12:10 Running from H:\ Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [GrooveMonitor] - "E:\Office\Office12\GrooveMonitor.exe" [x] HKU\Pc\...\Run: [Steam] - "E:\Steam\Steam.exe" -silent [x] HKU\Pc\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKU\Pc\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd) ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-06] (BitRaider, LLC) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
S3 Microsoft Office Groove Audit Service; E:\Office\Office12\GrooveAuditService.exe [x] ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () S1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group) S1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x] S3 BSMI; \??\C:\Program Files (x86)\Tseries BIOS Update\BSMIx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-01 12:21 - 2013-09-01 12:21 - 00000000 _____ C:\Windows\setuperr.log 2013-09-01 11:34 - 2013-09-01 14:53 - 00019067 _____ C:\Windows\WindowsUpdate.log 2013-08-31 12:21 - 2013-08-31 12:21 - 00001250 _____ C:\Users\Pc\Desktop\JRT.txt 2013-08-31 12:13 - 2013-08-31 12:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 12:03 - 2013-08-31 12:03 - 00000000 ____D C:\AdwCleaner 2013-08-31 11:02 - 2013-08-31 11:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D 
C:\Users\Pc\AppData\Roaming\Malwarebytes 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-31 11:02 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-08-30 21:12 - 2013-08-30 21:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-30 21:09 - 2013-08-30 21:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk 2013-08-30 21:09 - 2013-08-30 21:09 - 00000000 ____D C:\Program Files (x86)\Gameforge 2013-08-30 21:00 - 2013-08-30 21:06 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe 2013-08-30 20:53 - 2013-08-30 20:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe 2013-08-30 20:50 - 2013-08-30 20:51 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe 2013-08-29 18:13 - 2013-08-29 18:13 - 00000000 ____D C:\FRST 2013-08-29 16:18 - 2013-08-29 16:18 - 00001931 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-08-25 16:07 - 2013-08-26 11:13 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 10:29 - 2013-08-25 14:39 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 07:35 - 2013-08-30 21:08 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-25 07:35 - 2013-08-25 08:03 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 07:35 - 2013-08-25 07:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-25 07:34 - 2013-08-25 08:04 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-24 12:37 - 2013-08-24 12:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 05:56 - 2013-08-24 05:56 - 00000000 ____D C:\Windows\System32\appmgmt 2013-08-23 18:34 - 2013-08-25 08:11 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-23 18:27 - 2013-08-23 18:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-22 15:45 - 2013-08-22 15:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 15:45 - 2013-08-22 15:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\User Data 2013-08-18 20:33 - 2013-08-18 20:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 20:24 - 2013-08-18 20:33 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 20:24 - 2013-08-18 20:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 20:23 - 2013-08-18 20:33 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 19:45 - 2013-08-18 19:57 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 19:31 - 2013-08-18 19:41 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-17 15:30 - 2013-08-17 21:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 15:25 - 2013-08-17 15:25 - 00000000 
____D C:\Program Files (x86)\Kalypso Media 2013-08-17 15:22 - 2013-08-18 21:15 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-17 15:06 - 2013-08-17 15:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 07:55 - 2013-08-17 12:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 10:11 - 2013-08-15 10:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 10:06 - 2013-08-15 10:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-14 14:33 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-14 14:33 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-14 14:33 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-08-14 14:33 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-14 14:33 - 2013-07-26 06:12 - 00039936 _____ (Microsoft 
Corporation) C:\Windows\System32\iernonce.dll 2013-08-14 14:33 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-14 14:33 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 14:33 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 14:33 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 14:33 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 14:33 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 14:33 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 14:33 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-14 14:33 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 
2013-08-14 12:44 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-14 12:44 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 12:44 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-14 12:44 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 12:44 - 2013-07-09 15:51 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-14 12:44 - 2013-07-09 15:51 - 00189440 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll 2013-08-14 12:44 - 2013-07-09 15:47 - 01472000 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-14 12:44 - 2013-07-09 15:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-14 12:44 - 2013-07-09 15:47 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-14 12:44 - 2013-07-09 15:02 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 12:44 - 2013-07-09 15:01 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2013-08-14 12:44 - 2013-07-09 14:57 - 01167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 12:44 - 2013-07-09 14:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 12:44 - 2013-07-09 14:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 12:44 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-14 12:44 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 12:44 - 2013-07-08 06:22 - 05554624 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-14 12:44 - 2013-07-08 06:20 - 01737688 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-08-14 12:44 - 2013-07-08 06:18 
- 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2013-08-14 12:44 - 2013-07-08 06:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll 2013-08-14 12:44 - 2013-07-08 06:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-08-14 12:44 - 2013-07-08 06:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2013-08-14 12:44 - 2013-07-08 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2013-08-14 12:44 - 2013-07-08 06:14 - 01162240 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2013-08-14 12:44 - 2013-07-08 06:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2013-08-14 12:44 - 2013-07-08 06:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00058368 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 
06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 
06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 06:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 12:44 - 2013-07-08 06:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 12:44 - 2013-07-08 06:06 - 01296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 12:44 - 2013-07-08 06:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-14 12:44 - 2013-07-08 06:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-14 12:44 - 2013-07-08 06:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe 2013-08-14 12:44 - 2013-07-08 04:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys 2013-08-14 12:44 - 2013-07-08 04:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe 2013-08-14 12:44 - 2013-07-08 04:12 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 12:44 - 2013-07-08 04:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 12:44 - 2013-07-08 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 12:44 - 2013-07-08 04:02 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 04:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-14 12:44 - 2013-07-08 03:50 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-08-14 12:44 - 2013-07-06 06:20 - 01900992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 12:44 - 2013-07-06 06:20 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2013-08-14 12:44 - 2013-07-06 06:20 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2013-08-14 12:44 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-10 16:17 - 2013-08-10 16:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 09:05 - 2013-08-10 09:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-10 09:04 - 2013-08-30 20:43 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-09 16:25 - 2013-08-09 16:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-07 18:23 - 2013-08-07 18:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-07 18:23 - 2013-07-09 01:47 - 00575029 _____ C:\Users\Pc\Desktop\left4uncut.exe 2013-08-06 21:06 - 2013-08-10 09:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-06 21:06 - 2013-08-06 21:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 21:05 - 2013-08-06 21:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 20:56 - 2013-08-06 20:57 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D 
C:\users\hedev 2013-08-06 18:42 - 2013-08-06 21:20 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 18:42 - 2013-08-06 18:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 18:42 - 2013-08-06 18:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-06 18:39 - 2013-08-16 07:59 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-04 19:26 - 2013-08-04 19:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ==================== One Month Modified Files and Folders ======= 2013-09-01 14:53 - 2013-09-01 11:34 - 00019067 _____ C:\Windows\WindowsUpdate.log 2013-09-01 14:50 - 2013-09-01 12:21 - 00000112 _____ C:\Windows\setupact.log 2013-09-01 14:49 - 2013-07-29 19:50 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Skype 2013-09-01 14:22 - 2013-07-30 06:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-01 12:21 - 2013-09-01 12:21 - 00000000 _____ C:\Windows\setuperr.log 2013-09-01 11:39 - 2009-07-14 05:45 - 00021088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-01 11:39 - 2009-07-14 05:45 - 00021088 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-01 11:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-31 18:45 - 2013-07-30 14:23 - 00000000 ____D C:\Users\Pc\Documents\Euro Truck Simulator 2 2013-08-31 18:17 - 2013-07-30 06:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-08-31 18:17 - 2013-07-30 06:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-08-31 18:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-08-31 17:19 - 2013-07-17 00:33 - 00000000 ____D C:\users\Pc 2013-08-31 12:21 - 2013-08-31 12:21 - 00001250 _____ C:\Users\Pc\Desktop\JRT.txt 2013-08-31 12:13 - 2013-08-31 12:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 12:06 - 2013-07-17 15:24 - 00004182 
_____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-08-31 12:03 - 2013-08-31 12:03 - 00000000 ____D C:\AdwCleaner 2013-08-31 11:05 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\System32\perfh007.dat 2013-08-31 11:05 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\System32\perfc007.dat 2013-08-31 11:05 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-31 11:02 - 2013-08-31 11:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Malwarebytes 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-31 11:02 - 2013-08-31 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-30 21:12 - 2013-08-30 21:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-30 21:09 - 2013-08-30 21:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk 2013-08-30 21:09 - 2013-08-30 21:09 - 00000000 ____D C:\Program Files (x86)\Gameforge 2013-08-30 21:08 - 2013-08-25 07:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-30 21:08 - 2013-07-17 01:23 - 00000000 ____D C:\Windows\Panther 2013-08-30 21:06 - 2013-08-30 21:00 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe 2013-08-30 20:53 - 2013-08-30 20:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe 2013-08-30 20:51 - 2013-08-30 20:50 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe 2013-08-30 20:43 - 2013-08-10 09:04 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-29 18:13 - 2013-08-29 18:13 - 00000000 ____D C:\FRST 2013-08-29 16:18 - 2013-08-29 16:18 - 00001931 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-08-29 16:18 - 2013-07-17 15:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-26 11:13 - 2013-08-25 16:07 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 14:39 - 2013-08-25 10:29 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 08:11 - 2013-08-23 18:34 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-25 08:04 - 2013-08-25 07:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-25 08:03 - 2013-08-25 07:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 07:35 - 2013-08-25 07:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-24 12:37 - 2013-08-24 12:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 05:56 - 2013-08-24 05:56 - 00000000 ____D C:\Windows\System32\appmgmt 2013-08-23 18:27 - 2013-08-23 18:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 18:27 - 2013-08-23 18:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-22 20:33 - 2011-02-19 22:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-08-22 20:33 - 2011-02-18 23:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-08-22 15:45 - 2013-08-22 15:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 15:45 - 2013-08-22 15:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 14:45 - 2013-08-22 14:45 - 00000000 ____D C:\User Data 2013-08-18 21:15 - 2013-08-17 15:22 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-18 20:33 - 2013-08-18 20:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 20:33 - 2013-08-18 20:24 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 20:33 - 2013-08-18 20:23 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 20:24 - 2013-08-18 20:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 
19:57 - 2013-08-18 19:45 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 19:41 - 2013-08-18 19:31 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-18 08:13 - 2013-07-22 06:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-17 21:42 - 2013-08-17 15:30 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 15:37 - 2013-07-18 21:42 - 00000000 ____D C:\Users\Pc\Documents\My Games 2013-08-17 15:25 - 2013-08-17 15:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media 2013-08-17 15:06 - 2013-08-17 15:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 12:52 - 2013-08-17 07:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-16 07:59 - 2013-08-06 18:39 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-16 07:59 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-08-15 10:11 - 2013-08-15 10:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 10:06 - 2013-08-15 10:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-14 14:27 - 2013-07-18 22:16 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 14:25 - 2013-07-17 01:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-14 14:11 - 2013-08-14 14:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 2013-08-10 16:17 - 2013-08-10 16:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 09:06 - 2013-08-06 21:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-10 09:05 - 2013-08-10 09:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-09 16:25 - 2013-08-09 16:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-07 18:23 - 2013-08-07 18:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-06 21:44 - 2013-07-17 15:26 - 00000000 ____D C:\Program Files\CCleaner 2013-08-06 21:20 - 2013-08-06 18:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 
21:06 - 2013-08-06 21:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 21:05 - 2013-08-06 21:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 20:57 - 2013-08-06 20:56 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 20:56 - 2013-08-06 20:56 - 00000000 ____D C:\users\hedev 2013-08-06 18:42 - 2013-08-06 18:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 18:42 - 2013-08-06 18:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-04 19:26 - 2013-08-04 19:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf Files to move or delete: ==================== C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\Setup.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\VisualCRT\vc2008redist_x86.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DSETUP.dll C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\dsetup32.dll C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DXSETUP.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\data\Star Wars - The Old Republic Uninstaller.exe C:\Users\Pc\AppData\Local\Temp\Quarantine.exe C:\Users\Pc\AppData\Local\Temp\~nsu.tmp\Au_.exe C:\Users\Pc\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe C:\Users\Pc\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2012-05-09 16:14] - [2012-05-09 16:14] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2012-05-09 16:53] - [2012-05-09 16:53] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D C:\Windows\SysWOW64\explorer.exe [2012-05-09 16:53] - [2012-05-09 16:53] - 2616320 ____A (Microsoft 
Corporation) 82B49E32080BF5C469BF877C473B15EB C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2012-05-09 16:23] - [2012-05-09 16:23] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C C:\Windows\SysWOW64\User32.dll [2012-05-09 16:23] - [2012-05-09 16:23] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-05-09 16:24] - [2012-05-09 16:24] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-31 19:10:14 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4095.24 MB Available physical RAM: 3478.21 MB Total Pagefile: 4093.44 MB Available Pagefile: 3465.57 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:44.58 GB) (Free:9.17 GB) NTFS Drive e: (Speicher) (Fixed) (Total:298.34 GB) (Free:254.8 GB) NTFS Drive f: (Spiele) (Fixed) (Total:122.74 GB) (Free:53.75 GB) NTFS Drive h: (INTENSO) (Removable) (Total:3.61 GB) (Free:3.59 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E7C775AB) Partition 
1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=123 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=4 GB) - (Type=06) LastRegBack: 2013-08-31 23:59 ==================== End Of Log ============================ --- --- ---
At the moment everything is running without problems :-) |
01.09.2013, 17:27 | #12 |
/// the machine /// TB-Ausbilder | I would like an FRST log taken from the desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.09.2013, 17:45 | #13 |
| How does that work? And why, actually? I keep wondering the whole time what you can see in these files? |
01.09.2013, 19:45 | #14 |
/// the machine /// TB-Ausbilder | Well, we are cleaning the machine, what else? The machine boots normally again, so why are you scanning from the Recovery environment?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.09.2013, 18:49 | #15 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 01 Ran by Pc (administrator) on PC-PC on 02-09-2013 19:43:51 Running from C:\Users\Pc\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Valve Corporation) E:\Steam\Steam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKCU\...\Run: [Steam] - E:\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [GrooveMonitor] - E:\Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AACS-00ZUB0_WD-WCASU602520225202&ts=1377179147 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000AACS-00ZUB0_WD-WCASU602520225202&ts=1377179147 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office\Office12\GR469A~1.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office\Office12\GRA32A~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Office\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jsvdjfs6.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR Extension: (savenshaarrea ) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpiecnejkncpcoccmhdhkkggpdkefpme\1 CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-06] (BitRaider, LLC) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S3 Microsoft Office Groove Audit Service; E:\Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group) R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] 
(BIOSTAR Group) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x] S3 BSMI; \??\C:\Program Files (x86)\Tseries BIOS Update\BSMIx64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 19:36 - 2013-09-02 19:36 - 00014585 _____ C:\Windows\WindowsUpdate.log 2013-08-31 13:21 - 2013-08-31 13:21 - 00001250 _____ C:\Users\Pc\Desktop\JRT.txt 2013-08-31 13:13 - 2013-08-31 13:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 13:03 - 2013-08-31 13:03 - 00000000 ____D C:\AdwCleaner 2013-08-31 12:02 - 2013-08-31 12:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-31 12:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-30 22:12 - 2013-08-30 22:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-30 22:09 - 2013-08-30 22:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk 2013-08-30 22:09 - 2013-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Gameforge 2013-08-30 22:00 - 2013-08-30 22:06 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe 2013-08-30 21:53 - 2013-08-30 21:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe 2013-08-30 21:50 - 2013-08-30 21:51 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe 2013-08-29 19:13 - 2013-08-29 19:13 - 00000000 ____D C:\FRST 
2013-08-29 17:18 - 2013-08-29 17:18 - 00001931 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-08-25 17:07 - 2013-08-26 12:13 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 11:29 - 2013-08-25 15:39 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 08:35 - 2013-08-30 22:08 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-25 08:35 - 2013-08-25 09:03 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 08:35 - 2013-08-25 08:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-25 08:34 - 2013-08-25 09:04 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-24 13:37 - 2013-08-24 13:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 06:56 - 2013-08-24 06:56 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-23 19:34 - 2013-08-25 09:11 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-23 19:27 - 2013-08-23 19:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-22 16:45 - 2013-08-22 16:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 16:45 - 2013-08-22 16:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 15:45 - 2013-08-22 15:45 - 00000000 ____D C:\User Data 2013-08-18 21:33 - 2013-08-18 21:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 21:24 - 2013-08-18 21:33 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 21:24 - 2013-08-18 21:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 21:23 - 2013-08-18 21:33 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 20:45 - 2013-08-18 20:57 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 20:31 - 2013-08-18 20:41 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-17 16:30 - 2013-08-17 22:42 - 00000000 ____D 
C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 16:25 - 2013-08-17 16:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media 2013-08-17 16:22 - 2013-08-18 22:15 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-17 16:06 - 2013-08-17 16:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 08:55 - 2013-08-17 13:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 11:11 - 2013-08-15 11:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 11:06 - 2013-08-15 11:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-14 15:33 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 15:33 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 15:33 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 15:33 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2013-08-14 15:33 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 15:33 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 15:33 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 15:33 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 15:33 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 15:33 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 15:33 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 15:33 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 15:33 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 15:33 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 15:11 - 2013-08-14 15:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 2013-08-14 13:44 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 13:44 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 13:44 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 13:44 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 13:44 - 2013-07-09 16:51 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 13:44 - 2013-07-09 16:51 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 01472000 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 13:44 - 2013-07-09 16:47 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 13:44 - 2013-07-09 16:02 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 13:44 - 2013-07-09 16:01 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 01167360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 13:44 - 2013-07-09 15:57 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 13:44 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 13:44 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 13:44 - 2013-07-08 07:22 - 05554624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 13:44 
- 2013-07-08 07:20 - 01737688 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-08-14 13:44 - 2013-07-08 07:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-08-14 13:44 - 2013-07-08 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-14 13:44 - 2013-07-08 07:14 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-08-14 13:44 - 2013-07-08 07:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-08-14 13:44 - 2013-07-08 07:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 
07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 
- 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 07:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 13:44 - 2013-07-08 07:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 13:44 - 2013-07-08 07:06 - 01296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-14 13:44 - 2013-07-08 07:05 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2013-08-14 13:44 - 2013-07-08 05:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2013-08-14 13:44 - 2013-07-08 05:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2013-08-14 13:44 - 2013-07-08 05:12 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 13:44 - 2013-07-08 05:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 13:44 - 2013-07-08 05:07 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\user.exe 2013-08-14 13:44 - 2013-07-08 05:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 05:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-14 13:44 - 2013-07-08 04:50 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-14 13:44 - 2013-07-06 07:20 - 01900992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 13:44 - 2013-07-06 07:20 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2013-08-14 13:44 - 2013-07-06 07:20 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2013-08-14 13:44 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-10 17:17 - 2013-08-10 17:17 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 10:05 - 2013-08-10 10:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-10 10:04 - 2013-08-30 21:43 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-09 17:25 - 2013-08-09 17:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-07 19:23 - 2013-08-07 19:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-07 19:23 - 2013-07-09 02:47 - 00575029 _____ C:\Users\Pc\Desktop\left4uncut.exe 2013-08-06 22:06 - 2013-08-10 10:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 22:05 - 2013-08-06 22:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 21:56 - 2013-08-06 21:57 - 00016608 _____ 
C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 21:56 - 2013-08-06 21:56 - 00000000 ____D C:\Users\hedev 2013-08-06 19:42 - 2013-08-06 22:20 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 19:42 - 2013-08-06 19:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-06 19:39 - 2013-08-16 08:59 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-04 20:26 - 2013-08-04 20:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ==================== One Month Modified Files and Folders ======= 2013-09-02 19:41 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 19:41 - 2009-07-14 06:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 19:37 - 2013-09-02 19:36 - 00014585 _____ C:\Windows\WindowsUpdate.log 2013-09-02 19:35 - 2013-07-29 20:50 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Skype 2013-09-02 19:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-01 21:22 - 2013-07-30 07:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-01 20:23 - 2013-07-17 16:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-08-31 19:45 - 2013-07-30 15:23 - 00000000 ____D C:\Users\Pc\Documents\Euro Truck Simulator 2 2013-08-31 19:17 - 2013-07-30 07:43 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-08-31 19:17 - 2013-07-30 07:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-08-31 19:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-31 18:19 - 2013-07-17 01:33 - 00000000 ____D C:\Users\Pc 2013-08-31 13:27 - 2013-09-02 19:43 - 01589542 _____ (Farbar) C:\Users\Pc\Desktop\FRST64.exe 2013-08-31 13:21 - 2013-08-31 13:21 - 00001250 _____ C:\Users\Pc\Desktop\JRT.txt 2013-08-31 13:13 - 2013-08-31 13:13 - 00000000 ____D C:\Windows\ERUNT 2013-08-31 13:03 - 2013-08-31 13:03 - 00000000 ____D C:\AdwCleaner 2013-08-31 13:03 - 2013-07-17 01:34 - 00000998 _____ C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-31 12:05 - 2011-04-12 09:43 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-08-31 12:05 - 2011-04-12 09:43 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-08-31 12:05 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-31 12:02 - 2013-08-31 12:02 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-31 12:02 - 2013-08-31 12:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-30 22:12 - 2013-08-30 22:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-30 22:09 - 2013-08-30 22:09 - 00002222 _____ C:\Users\Public\Desktop\AION Free-To-Play.lnk 2013-08-30 22:09 - 2013-08-30 22:09 - 00000000 ____D C:\Program Files (x86)\Gameforge 2013-08-30 22:08 - 2013-08-25 08:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IDM 2013-08-30 22:08 - 2013-07-17 02:23 - 00000000 ____D 
C:\Windows\Panther 2013-08-30 22:06 - 2013-08-30 22:00 - 145138568 _____ (Gameforge) C:\Users\Pc\Downloads\setup_20120224.exe 2013-08-30 21:53 - 2013-08-30 21:53 - 02432824 _____ (NCSOFT Corporation) C:\Users\Pc\Downloads\nclauncher_3_20130812.exe 2013-08-30 21:51 - 2013-08-30 21:50 - 19328880 _____ (Gameforge ) C:\Users\Pc\Downloads\AION_GameforgeLiveSetup.exe 2013-08-30 21:43 - 2013-08-10 10:04 - 00000000 ____D C:\Program Files (x86)\plaync 2013-08-29 19:13 - 2013-08-29 19:13 - 00000000 ____D C:\FRST 2013-08-29 17:18 - 2013-08-29 17:18 - 00001931 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-08-29 17:18 - 2013-07-17 16:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-08-26 12:13 - 2013-08-25 17:07 - 00000000 ____D C:\Users\Pc\AppData\Local\Unity 2013-08-25 15:39 - 2013-08-25 11:29 - 00000000 ____D C:\Users\Pc\AppData\Roaming\GetRightToGo 2013-08-25 09:11 - 2013-08-23 19:34 - 00000386 _____ C:\Users\Pc\Documents\eurotrucks2.CT 2013-08-25 09:04 - 2013-08-25 08:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2013-08-25 09:03 - 2013-08-25 08:35 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DMCache 2013-08-25 08:35 - 2013-08-25 08:35 - 00000000 ____D C:\ProgramData\IDM 2013-08-24 13:37 - 2013-08-24 13:37 - 00000561 _____ C:\Users\Pc\Desktop\Pictures - Verknüpfung.lnk 2013-08-24 06:56 - 2013-08-24 06:56 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-23 19:27 - 2013-08-23 19:27 - 00001098 _____ C:\Users\Pc\Desktop\Cheat Engine.lnk 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Users\Pc\Documents\My Cheat Tables 2013-08-23 19:27 - 2013-08-23 19:27 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3 2013-08-22 21:33 - 2011-02-19 23:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-08-22 21:33 - 2011-02-19 00:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-08-22 16:45 - 2013-08-22 16:45 - 00000054 _____ C:\Users\Pc\AppData\Roaming\WB.CFG 2013-08-22 
16:45 - 2013-08-22 16:45 - 00000005 _____ C:\Users\Pc\AppData\Roaming\WBPU-TTL.DAT 2013-08-22 15:45 - 2013-08-22 15:45 - 00000000 ____D C:\User Data 2013-08-18 22:15 - 2013-08-17 16:22 - 01589618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-08-18 21:33 - 2013-08-18 21:33 - 00000000 ____D C:\Users\Pc\AppData\Local\avgchrome 2013-08-18 21:33 - 2013-08-18 21:24 - 00000000 ____D C:\ProgramData\Freemake 2013-08-18 21:33 - 2013-08-18 21:23 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-08-18 21:24 - 2013-08-18 21:24 - 00000000 ____D C:\Users\Pc\Documents\Freemake 2013-08-18 20:57 - 2013-08-18 20:45 - 02724828 _____ C:\Users\Pc\Documents\08 16 Dollars.wma 2013-08-18 20:41 - 2013-08-18 20:31 - 04583358 _____ C:\Users\Pc\Documents\06 7 Shots.wma 2013-08-18 09:13 - 2013-07-22 07:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-17 22:42 - 2013-08-17 16:30 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Kalypso Media 2013-08-17 16:37 - 2013-07-18 22:42 - 00000000 ____D C:\Users\Pc\Documents\My Games 2013-08-17 16:25 - 2013-08-17 16:25 - 00000000 ____D C:\Program Files (x86)\Kalypso Media 2013-08-17 16:06 - 2013-08-17 16:06 - 00000760 _____ C:\Users\Pc\Desktop\Landwirtschafts Simulator 2011 .lnk 2013-08-17 13:52 - 2013-08-17 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-16 08:59 - 2013-08-06 19:39 - 00000169 _____ C:\Users\Pc\Desktop\Microcomandos.txt 2013-08-16 08:59 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-08-15 11:11 - 2013-08-15 11:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Risen2 2013-08-15 11:06 - 2013-08-15 11:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-14 15:27 - 2013-07-18 23:16 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 15:25 - 2013-07-17 02:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-14 15:11 - 2013-08-14 15:11 - 00000000 ____D C:\Users\Pc\AppData\Local\Google 2013-08-10 17:17 - 2013-08-10 17:17 - 
00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-10 10:06 - 2013-08-06 22:06 - 00000000 ____D C:\ProgramData\BitRaider 2013-08-10 10:05 - 2013-08-10 10:05 - 00000641 _____ C:\Users\Pc\Documents\Uninstall STAR WARS The Old Republic.log 2013-08-09 17:25 - 2013-08-09 17:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Chromium 2013-08-07 19:23 - 2013-08-07 19:23 - 00000025 _____ C:\Users\Pc\Desktop\options.ini 2013-08-06 22:44 - 2013-07-17 16:26 - 00000000 ____D C:\Program Files\CCleaner 2013-08-06 22:20 - 2013-08-06 19:42 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TS3Client 2013-08-06 22:06 - 2013-08-06 22:06 - 00000000 ____D C:\Users\Public\Documents\BitRaider 2013-08-06 22:05 - 2013-08-06 22:05 - 00000000 ____D C:\Users\Pc\AppData\Local\SWTORPerf 2013-08-06 21:57 - 2013-08-06 21:56 - 00016608 _____ C:\Users\Pc\Documents\Install STAR WARS The Old Republic.log 2013-08-06 21:56 - 2013-08-06 21:56 - 00000000 ____D C:\Users\hedev 2013-08-06 19:42 - 2013-08-06 19:42 - 00001175 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-08-06 19:42 - 2013-08-06 19:42 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2013-08-04 20:26 - 2013-08-04 20:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf Files to move or delete: ==================== C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\Setup.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\VisualCRT\vc2008redist_x86.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DSETUP.dll C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\dsetup32.dll C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\software\DirectX\DXSETUP.exe C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\data\Star Wars - The Old Republic Uninstaller.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2012-05-09 17:14] - [2012-05-09 17:14] - 0391168 ____A (Microsoft Corporation) EC5BD25A41E9B633CB39120DBB0939DC 
C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2012-05-09 17:53] - [2012-05-09 17:53] - 2872320 ____A (Microsoft Corporation) A27FB0CA2971BEC02595902A9FD35D6D C:\Windows\SysWOW64\explorer.exe [2012-05-09 17:53] - [2012-05-09 17:53] - 2616320 ____A (Microsoft Corporation) 82B49E32080BF5C469BF877C473B15EB C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2012-05-09 17:23] - [2012-05-09 17:23] - 1008128 ____A (Microsoft Corporation) 7FB4D54B502C6CF2E35B8188FA4CC08C C:\Windows\SysWOW64\User32.dll [2012-05-09 17:23] - [2012-05-09 17:23] - 0833024 ____A (Microsoft Corporation) 9B836EE76E3A99052EF6DEA52B41D1BE C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-05-09 17:24] - [2012-05-09 17:24] - 0296816 ____A (Microsoft Corporation) ABFECA99D72CE81E5C3612861F03B0CA LastRegBack: 2013-09-01 00:59 ==================== End Of Log ============================ --- --- --- No idea whether that was done correctly; if not, please set me straight. My brain just works in a different direction. |