|
Pests of all kinds and how to combat them: Bitcoin miner in svhost.exe reappears after restart
Windows 7 |
04.09.2013, 15:50 | #1 |
| Hello!

I seem to have caught one of these Bitcoin miners (GPU load constantly at 97%).

Windows 7 Professional, Avira Antivir, Malwarebytes (Pro) with protection enabled

Malwarebytes log file:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660

Schutz: Aktiviert

04.09.2013 16:32:44
mbam-log-2013-09-04 (16-32-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 31542
Laufzeit: 1 Minute(n), 45 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Hiden\AppData\Roaming\Microsoft\IE10\svhost.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Now I delete it, and after the restart it finds the miner again! So I assume that something is running there that keeps recreating this miner for me. How do I find the originating process? And how can I get rid of this thing for good?

Many THANKS in advance! |
04.09.2013, 15:52 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
__________________
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
04.09.2013, 15:59 | #3 |
| Unfortunately I got the message that the text is too long, so I have to provide the logs as an attachment.
__________________ |
04.09.2013, 16:02 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What about other logs? No further detections from the virus scanners? And please post the logs in CODE tags; if they are too large, split them across two posts.
__________________ Please always post log files in CODE tags |
05.09.2013, 06:31 | #5 |
| Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2013 03 Ran by Hiden at 2013-09-04 16:55:49 Running from C:\Users\Hiden\Desktop\share Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Akamai NetSession Interface (HKCU) Akamai NetSession Interface (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Audacity 2.0.3 (x32 Version: 2.0.3) Auto Lyrics (x32) Avira Free Antivirus (x32 Version: 13.0.0.4052) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11) Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9) Canon MOV Decoder (x32 Version: 1.5.0.7) Canon MOV Encoder (x32 Version: 1.3.0.3) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.0.8) Canon Utilities CameraWindow (x32 Version: 7.4.0.7) Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11) Canon Utilities Movie Uploader for YouTube (x32 Version: 1.0.0.11) Canon Utilities MyCamera (x32 Version: 7.3.0.5) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities ZoomBrowser EX (x32 Version: 6.5.0.14) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4) Captcha Brotherhood (x32 Version: 1.1.8) Cheat Engine 6.3 (x32) Clownfish for Skype (x32 Version: 6.3.60.105 ) Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) diclovit's mod pack 1.7.1 (x32 Version: 1.7.1) Dokan Library 0.6.0 (x32) dows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) eBay (x32 Version: 1.0.1) FilesFrog Update 
Checker (x32) Free YouTube Download version 3.2.0.128 (x32 Version: 3.2.0.128) GameSpy Arcade (x32) GeForce Experience NvStream Client Components (Version: 0.1.87) GIANTS Editor 5.0.1 (x32 Version: 5.0.1) Gizmo Central (x32 Version: v2.7.9) Glary Utilities 3.9.1 (x32 Version: 3.9.1.138) Google Chrome (HKCU Version: 29.0.1547.62) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java 7 Update 9 (64-bit) (Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 7 Update 17 (x32 Version: 1.7.0.170) JDownloader 0.9 (x32 Version: 0.9) Junk Mail filter update (x32 Version: 15.4.3502.0922) Landwirtschafts Simulator 2013 (x32 Version: 1.0) Logitech Gaming Software (Version: 8.45.88) Logitech Gaming Software 5.10 (Version: 5.10.127) Logitech Gaming Software 8.46 (Version: 8.46.27) MagniPic (Version: 1.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) MFC RunTime files (x32 Version: 1.0.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 
14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1) ModChanger (x32) MSI Afterburner 2.3.1 (x32 Version: 2.3.1) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) 
MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Need For Speed™ World (x32 Version: 1.0.0.1398) Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0) Notepad++ (x32 Version: 6.2.3) NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.133.902) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 8.3.14 (Version: 8.3.14) NVIDIA Update Components (Version: 8.3.14) NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5) PC Connectivity Solution (x32 Version: 11.4.21.0) PowerISO (x32 Version: 5.7) REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0150) SafeSaver 1.74 (x32) SHIELD Streaming (Version: 1.05.28) Skype™ 6.6 (x32 Version: 6.6.106) SpeedFan (remove only) (x32) TeamSpeak 3 Client (HKCU Version: 3.0.11.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 
(KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) 
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.20 (64-Bit) (Version: 4.20.0) WinZipper (x32 Version: 1.4.8) World of Tanks (x32) ==================== Restore Points ========================= 01-09-2013 17:00:07 Windows-Sicherung 02-09-2013 06:16:34 Entfernt InstallShield Wiederherstellungspunkt 04-09-2013 06:20:45 Entfernt Stronghold Crusader 04-09-2013 06:24:59 Removed VirtualDJ Home FREE 04-09-2013 09:45:30 04.09.13-Fischer ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started Task: {0803A813-6437-498D-AC07-613A98EAF9CA} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2013-02-16] (Arainia Solutions) Task: {109F2D68-DE85-4250-8790-F69520AB48B4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {11BAA340-2FB8-4C1D-8BCA-18D6DE6F577B} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {1624DED4-10AA-47DA-A4D6-033B7173C936} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe 
[2013-09-02] (Glarysoft Ltd) Task: {1B856DF1-1F14-45D4-B94A-DBE3833BB609} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {2E917A26-4BCC-44C0-88EF-166B1A86B087} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc Task: {8325AD79-23AD-48EA-AE69-A71AC6576DB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation) Task: {91E04826-1A09-441E-963B-A00D738214A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated) Task: {94A244D4-FC2F-43EC-BEB6-24EAF7245950} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe No File Task: {95713F1F-4565-4EEB-8590-E3005CB0CB40} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {BF6839E1-AB1E-4DEB-B45F-924C36954FA0} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File Task: {C489CEB2-EF64-4A44-8C59-27C3416772D4} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File Task: {ECFED734-CB47-4E38-820D-446778883CD8} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {F1BD5839-C619-422E-B505-AB7485A6007A} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File Task: {F306AF33-D7C6-44B7-AC70-638C23B38DE0} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe ==================== Loaded 
Modules (whitelisted) ============= 2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2009-07-14 01:41 - 2009-07-14 03:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\uiautomationcore.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-02 11:08 - 2013-09-02 11:08 - 00077088 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\x64\ContextHandler.dll 2012-12-06 16:58 - 2012-12-06 16:58 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll 2013-07-09 17:32 - 2013-07-09 17:32 - 00150184 _____ (337 Technology Limited.) C:\Program Files (x86)\WinZipper\eshellctx64.dll 2013-07-22 04:19 - 2013-07-22 04:19 - 00232984 _____ (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOSH.DLL 2009-07-14 01:55 - 2009-07-14 03:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\shpafact.dll 2013-03-25 19:40 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\SPPC.DLL 2013-09-04 11:26 - 2013-06-21 12:23 - 04528416 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvUI.dll 2012-12-06 09:57 - 2013-08-27 23:16 - 04864800 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll 2012-12-06 09:57 - 2013-08-27 23:16 - 01190688 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU64.DLL 2012-12-06 09:57 - 2013-08-27 23:16 - 01662240 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL 2013-04-24 23:57 - 2013-04-24 23:57 - 03276288 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtCore4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 12168192 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech 
Gaming Software\QtGui4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 00539136 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtXml4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 01085952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtNetwork4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 01990144 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtScript4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 00750080 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtHelp4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 00897024 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtSql4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 01807360 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtCLucene4.dll 2013-04-24 23:57 - 2013-04-24 23:57 - 00841728 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtOpenGL4.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.DLL 2013-04-24 23:57 - 2013-04-24 23:57 - 00173568 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\imageformats\qjpeg4.dll 2009-07-14 02:20 - 2009-07-14 03:40 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\DINPUT.dll 2009-07-14 01:46 - 2009-07-14 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 01570712 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\ggui.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00166816 _____ () C:\Program Files (x86)\Gizmo\GImage.DLL 2013-02-16 15:40 - 2013-02-16 15:40 - 02228136 _____ 
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gvillage.DLL 2013-02-16 15:40 - 2013-02-16 15:40 - 00218016 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\grender.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00315800 _____ () C:\Program Files (x86)\Gizmo\gmanager.DLL 2013-02-16 15:40 - 2013-02-16 15:40 - 00034720 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\ghook.DLL 2013-02-16 15:40 - 2013-02-16 15:40 - 00404384 _____ () C:\Program Files (x86)\Gizmo\gdatabase.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00394656 _____ () C:\Program Files (x86)\Gizmo\gdrive.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00339864 _____ () C:\Program Files (x86)\Gizmo\geditor.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00372632 _____ () C:\Program Files (x86)\Gizmo\ghash.dll 2013-02-16 15:40 - 2013-02-16 15:40 - 00339864 _____ () C:\Program Files (x86)\Gizmo\gscript.dll 2011-06-11 01:15 - 2011-06-11 01:15 - 05601616 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll 2012-12-06 22:04 - 2013-01-02 18:58 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll 2012-12-06 22:04 - 2013-01-02 18:58 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll 2011-06-11 01:15 - 2011-06-11 01:15 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL 2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-11-21 05:24 - 2010-11-21 05:24 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Windows\system32\Thumbs.db:encryptable AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\Users\Hiden\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Hiden\Desktop\Thumbs.db:encryptable AlternateDataStreams: C:\Users\Hiden\AppData\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/04/2013 01:54:31 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/04/2013 11:50:40 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/04/2013 11:09:18 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x10dc Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/04/2013 07:56:22 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0xf10 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/03/2013 08:16:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 
0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x6f0 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/03/2013 02:15:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x8e8 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/03/2013 08:16:19 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0xc3c Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/02/2013 08:02:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x13b4 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/02/2013 02:02:58 PM) (Source: 
Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011380 ID des fehlerhaften Prozesses: 0x127c Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/02/2013 08:14:34 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: _is7D69.exe, Version: 12.0.0.58849, Zeitstempel: 0x45b1a378 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58851, Zeitstempel: 0x45e5fb47 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009522f ID des fehlerhaften Prozesses: 0x1420 Startzeit der fehlerhaften Anwendung: 0x_is7D69.exe0 Pfad der fehlerhaften Anwendung: _is7D69.exe1 Pfad des fehlerhaften Moduls: _is7D69.exe2 Berichtskennung: _is7D69.exe3 System errors: ============= Error: (09/04/2013 04:36:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/04/2013 04:35:03 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/04/2013 04:35:03 PM) (Source: DCOM) (User: ) Description: {53362C32-A296-4F2D-A2F8-FD984D08340B} Error: (09/04/2013 04:35:00 PM) (Source: DCOM) (User: ) Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1} Error: (09/04/2013 03:08:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/04/2013 03:06:11 PM) (Source: DCOM) (User: ) Description: {53362C32-A296-4F2D-A2F8-FD984D08340B} Error: (09/04/2013 01:42:38 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: 
(09/04/2013 01:30:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/04/2013 01:30:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (09/04/2013 01:26:56 PM) (Source: DCOM) (User: ) Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1} Microsoft Office Sessions: ========================= Error: (09/04/2013 01:54:31 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138081001cea9657e8a04aaC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec1915377-1558-11e3-8fb1-001999ea7c11 Error: (09/04/2013 11:50:40 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$R9C37VW.exe Error: (09/04/2013 11:09:18 AM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138010dc01cea94e671a1711C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exead41a7d1-1541-11e3-90da-001999ea7c11 Error: (09/04/2013 07:56:22 AM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380f1001cea9333916aa24C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb954b757-1526-11e3-99e4-99e8b13b3adc Error: (09/03/2013 08:16:19 PM) (Source: Application Error)(User: ) Description: 
avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c0000005000113806f001cea8d19d034015C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeedce8b0a-14c4-11e3-8833-c96e60126bdd Error: (09/03/2013 02:15:52 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c0000005000113808e801cea89f4d160e74C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe92cfa14a-1492-11e3-8833-c96e60126bdd Error: (09/03/2013 08:16:19 AM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380c3c01cea86d02e0f4e3C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe5895479f-1460-11e3-9fb7-874de5df03df Error: (09/02/2013 08:02:37 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138013b401cea80696e882bfC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exed9211f14-13f9-11e3-9b91-df3e0cc41dde Error: (09/02/2013 02:02:58 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380127c01cea7d44c157796C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe9b628162-13c7-11e3-9b91-df3e0cc41dde Error: (09/02/2013 08:14:34 AM) (Source: Application Error)(User: ) Description: _is7D69.exe12.0.0.5884945b1a378ISSetup.dll12.0.0.5885145e5fb47c00000050009522f142001cea7a3ae6f7347C:\Users\Hiden\AppData\Local\Temp\_is7D69.exeC:\Users\Hiden\AppData\Local\Temp\{B771FFE1-98DB-41C6-8C9B-3B141E230B70}\ISSetup.dllefa7a86f-1396-11e3-aa13-b83fe90891dc ==================== Memory info =========================== Percentage of 
memory in use: 34%
Total physical RAM: 4045.9 MB
Available physical RAM: 2630.33 MB
Total Pagefile: 8089.99 MB
Available Pagefile: 6294.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:248.91 GB) (Free:132.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:201.17 GB) (Free:159.51 GB) NTFS
Drive e: (LS2013) (CDROM) (Total:1.36 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 71765B60)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=464 GB) - (Type=OF Extended)
==================== End Of Log ============================ |
05.09.2013, 06:44 | #6 |
| Bitcoin miner in svhost.exe reappears after restart FRST.txt FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Hiden (administrator) on HIDEN-PC on 04-09-2013 16:55:06
Running from C:\Users\Hiden\Desktop\share
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions) MountPoints2: G - G:\cdstart.exe MountPoints2: I - I:\cdstart.exe MountPoints2: {7051758a-b309-11e2-9e44-fbb951157bc6} - F:\OriginInstaller.exe MountPoints2: {b4993d4d-3f3e-11e2-8214-806e6f6e6963} - E:\cdstart.exe HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548 SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM-x32 - {43127BD9-3ACA-4259-9A77-D5C69F5CB9BA} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms} SearchScopes: HKLM-x32 - {96932D4E-8C01-43DD-98CC-011CA708A907} URL = ${SEARCH_URL}{searchTerms} SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {62E3F633-EDFB-44CC-9142-718C84A5CD02} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&babsrc=SP_ss&mntrId=001620ef000000000000000c4343bd02 SearchScopes: HKCU - {B5918D46-D596-40AB-B9B9-4235D17141A0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=3DB68FCC-ADA4-4017-8C38-58DE2CDFAFE8&apn_sauid=22187DFA-8181-45F6-B34D-BA650EECB054 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6PQRV9rixw&i=26 BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default FF user.js: detected! => C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Funmoods.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\511fe088829a4@511fe088829dd.com FF Extension: incredibar.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com FF Extension: Spartipps von SparPilot.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\staged FF Extension: Winload - 
C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF Extension: WhiteSmoke US New - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF HKCU\...\Firefox\Extensions: [autolyrics@man-soft.net] C:\Program Files (x86)\AutoLyrics\FF\ FF Extension: No Name - C:\Program Files (x86)\AutoLyrics\FF\ Chrome: ======= CHR HomePage: hxxp://www.google.at/ CHR RestoreOnStartup: "https://www.google.at/" CHR DefaultSearchURL: (Babylon Search) - hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0016944452EDFDAF&affID=123895&tsp=4985 CHR DefaultSuggestURL: (Babylon Search) - 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR Extension: (Auto Lyrics) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.114_0 CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Hiden\AppData\Local\funmoods.crx CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Hiden\AppData\Local\funmoods-speeddial_sf.crx CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Hiden\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG) R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-09] (Taiwan Shui Mu Chih Ching Technology Limited.) S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x] ==================== Drivers (Whitelisted) ==================== R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. 
KG) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd) S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.) 
U3 acpfkkt3; C:\Windows\System32\Drivers\acpfkkt3.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 16:39 - 2013-09-04 16:54 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 16:25 - 2013-09-04 16:25 - 02134420 _____ C:\Users\Hiden\Downloads\RogueKiller_8.6.9.zip
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 16:37 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-04 11:41 - 2013-09-04 11:41 - 16243768 _____ C:\Users\Hiden\Downloads\gu3setup.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-04 11:16 - 2013-09-04 11:16 - 02453054 _____ C:\Users\Hiden\Downloads\hw64_422.zip
2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 13:30 - 2013-09-03 13:36 - 19740030 _____ C:\Users\Hiden\Downloads\Fendt_312TMS_Red_BTS_V2.zip
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:35 - 2013-09-02 17:35 - 00018465 _____ C:\Users\Hiden\Downloads\ZZZ_fastForward.zip
2013-09-02 15:24 - 2013-09-02 15:24 - 12770646 _____ C:\Users\Hiden\Downloads\xvm-4.1.1.zip
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 20:21 - 2013-08-30 20:21 - 01358962 _____ C:\Users\Hiden\Downloads\Bierkarre.zip
2013-08-30 20:20 - 2013-08-30 20:21 - 11326313 _____ C:\Users\Hiden\Downloads\LizardBully275HP.zip
2013-08-30 20:19 - 2013-08-30 20:24 - 174242488 _____ C:\Users\Hiden\Downloads\DonsMapV1.zip
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 19:12 - 2013-08-30 19:13 - 17423012 _____ C:\Users\Hiden\Downloads\UniversalBaleTrailer_v3_OPEN_ME.rar
2013-08-30 14:24 - 2013-08-30 14:24 - 03808017 _____ C:\Users\Hiden\Downloads\WelgerAP.zip
2013-08-30 14:06 - 2013-08-30 14:07 - 03760642 _____ C:\Users\Hiden\Downloads\SipmaZ224.zip
2013-08-30 14:02 - 2013-08-30 14:03 - 30501886 _____ C:\Users\Hiden\Downloads\Ballengitterwagen_Pack_entpacken.rar
2013-08-30 13:57 - 2013-08-30 14:04 - 221791348 _____ C:\Users\Hiden\Downloads\entpack mich.rar
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 19:08 - 2013-08-29 19:12 - 69599016 _____ C:\Users\Hiden\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls.zip
2013-08-29 19:06 - 2013-08-29 19:14 - 163566314 _____ C:\Users\Hiden\Downloads\Ahlen_Map.zip
2013-08-29 18:34 - 2013-08-29 18:37 - 94159810 _____ C:\Users\Hiden\Downloads\hackselLandV1.zip
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:14 - 2013-08-29 13:14 - 00010992 _____ C:\Users\Hiden\Downloads\aaaf56b5caa5132724beb5aa9aa22998.dlc
2013-08-29 10:38 - 2013-08-29 10:39 - 03503441 _____ C:\Users\Hiden\Downloads\Piper Bergwacht Download.zip
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 17:38 - 2013-08-28 17:38 - 00111602 _____ C:\Users\Hiden\Downloads\SrsMoney.zip
2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 15:00 - 2013-08-28 15:01 - 01981816 _____ C:\Users\Hiden\Downloads\cpu-z-166.zip
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:11 - 2013-08-28 13:11 - 00002119 _____ C:\Users\Hiden\Downloads\[isoHunt] SKI REGION SIMULATOR 2012-FIGHTCLUB CRACK 2012.rar.torrent
2013-08-28 13:01 - 2013-02-09 09:00 - 00000193 _____ C:\Users\Hiden\Downloads\share-online.biz.URL
2013-08-28 13:01 - 2013-02-09 08:59 - 00000123 _____ C:\Users\Hiden\Downloads\uploaded.to.URL
2013-08-28 13:01 - 2013-01-22 06:41 - 00000000 _____ C:\Users\Hiden\Downloads\Upped_by_Erdbeerschaum.txt
2013-08-28 13:01 - 2013-01-05 15:13 - 00000410 _____ C:\Users\Hiden\Downloads\Wichtige Information!.txt
2013-08-28 13:01 - 2012-03-08 12:00 - 00000000 ____D C:\Users\Hiden\Downloads\deski
2013-08-28 12:05 - 2013-08-28 12:05 - 06701308 _____ C:\Users\Hiden\Downloads\PrinothSchneefraese600.zip
2013-08-28 12:03 - 2013-08-28 12:03 - 06026202 _____ C:\Users\Hiden\Downloads\MB1520_for_SRS2012.zip
2013-08-28 11:53 - 2013-08-28 11:53 - 00321822 _____ C:\Users\Hiden\Downloads\Jd_Tow_Frame.zip
2013-08-28 11:52 - 2013-08-28 11:52 - 11830262 _____ C:\Users\Hiden\Downloads\Schneekanonenpack_Installer.exe
2013-08-28 11:49 - 2013-08-28 11:50 - 15865848 _____ C:\Users\Hiden\Downloads\Entpacken.zip
2013-08-28 11:48 - 2013-08-28 11:48 - 10216483 _____ C:\Users\Hiden\Downloads\Fendt_209_S.zip
2013-08-28 11:45 - 2013-08-28 11:45 - 19309119 _____ C:\Users\Hiden\Downloads\Xerion_Pack.rar
2013-08-28 11:44 - 2013-08-28 11:44 - 02972305 _____ C:\Users\Hiden\Downloads\Alfamodding_Ski_Addon.zip
2013-08-28 10:57 - 2013-08-28 10:57 - 00002948 _____ C:\Users\Hiden\Downloads\50e3b8d8af67beb9b30cb3272123eac5.dlc
2013-08-28 10:44 - 2013-08-28 10:44 - 10667567 _____ C:\Users\Hiden\Downloads\Fendt_209_S.exe
2013-08-28 10:44 - 2013-08-28 10:44 - 02350778 _____ C:\Users\Hiden\Downloads\PrinothBeast.exe
2013-08-28 08:39 - 2013-08-28 08:45 - 107605806 _____ C:\Users\Hiden\Downloads\AlitaFarm.zip
2013-08-28 08:39 - 2013-08-28 08:41 - 20931134 _____ C:\Users\Hiden\Downloads\NewHolland_T7_210.zip
2013-08-28 08:38 - 2013-08-28 08:47 - 184153897 _____ C:\Users\Hiden\Downloads\Drensteinfurt.zip
2013-08-28 08:38 - 2013-08-28 08:39 - 15667129 _____ C:\Users\Hiden\Downloads\FortunaFTM200_6_0.zip
2013-08-28 08:37 - 2013-08-28 08:38 - 27038761 _____ C:\Users\Hiden\Downloads\Zunhammer18500PU.zip
2013-08-28 08:37 - 2013-08-28 08:38 - 15066930 _____ C:\Users\Hiden\Downloads\JohnDeere6RPack.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00482516 _____ C:\Users\Hiden\Downloads\DustWheels.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00055856 _____ C:\Users\Hiden\Downloads\RealLights_v098.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00036427 _____ C:\Users\Hiden\Downloads\ESLimiter.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 14569964 _____ C:\Users\Hiden\Downloads\JD6150RSN.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 07024980 _____ C:\Users\Hiden\Downloads\KotteZubringer.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 03345223 _____ C:\Users\Hiden\Downloads\KotteContainer.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 00035256 _____ C:\Users\Hiden\Downloads\ZZZ_manualIgnition.zip
2013-08-27 21:07 - 2013-08-27 21:07 - 01566289 _____ C:\Users\Hiden\Downloads\Single_Axle_UBT_v2_by_xiukaz_UNPACK.zip
2013-08-27 18:18 - 2013-08-27 18:19 - 01839939 _____ C:\Users\Hiden\Downloads\LegoTracBySYM.zip
2013-08-27 18:17 - 2013-08-27 18:17 - 02861884 _____ C:\Users\Hiden\Downloads\Contest2013_FlieglTDK200.zip
2013-08-27 18:16 - 2013-08-27 18:17 - 11308886 _____ C:\Users\Hiden\Downloads\NewHolland_378.zip
2013-08-27 18:16 - 2013-08-27 18:16 - 01790638 _____ C:\Users\Hiden\Downloads\Kran_Halle.zip
2013-08-26 09:51 - 2013-08-26 10:00 - 27514869 _____ C:\Users\Hiden\Downloads\RopaEuroTigerPack.zip
2013-08-26 07:15 - 2013-08-26 07:15 - 04472200 _____ C:\Users\Hiden\Downloads\HorschPronto9DC_ce.zip
2013-08-26 07:10 - 2013-08-26 07:10 - 05602237 _____ C:\Users\Hiden\Downloads\horsch.zip
2013-08-26 07:07 - 2013-08-26 07:07 - 10159758 _____ C:\Users\Hiden\Downloads\KrampeBBS650_ce.zip
2013-08-26 07:05 - 2013-08-26 08:05 - 183025975 _____ C:\Users\Hiden\Downloads\Pawikowo_Finalv2.zip
2013-08-26 07:04 - 2013-08-26 07:04 - 06614055 _____ C:\Users\Hiden\Downloads\grimmeRootster604MF.zip
2013-08-26 07:01 - 2013-08-26 07:02 - 19318364 _____ C:\Users\Hiden\Downloads\Deutz_7545_Multifrucht.zip
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 17:34 - 2013-08-25 17:41 - 19971755 _____ C:\Users\Hiden\Downloads\JaguarBE_entpacken.zip
2013-08-25 16:15 - 2013-08-25 16:15 - 00211197 _____ C:\Users\Hiden\Downloads\Claas_Conspeed.zip
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-25 11:08 - 2013-08-25 11:08 - 00032153 _____ C:\Users\Hiden\Downloads\ZZZ_GPS.zip
2013-08-23 16:28 - 2013-08-23 16:28 - 02492035 _____ C:\Users\Hiden\Downloads\Kotte_FRP_145.exe
2013-08-23 16:25 - 2013-08-23 16:25 - 07148837 _____ C:\Users\Hiden\Downloads\TRAIL_Rolland_20_30.zip
2013-08-23 15:13 - 2013-08-23 15:13 - 10347909 _____ C:\Users\Hiden\Downloads\BF3_Update_05March2013.rar
2013-08-23 14:58 - 2013-08-23 15:46 - 901523129 _____ C:\Users\Hiden\Downloads\Battlefield3_EN.rar
2013-08-23 14:57 - 2013-08-23 15:39 - 639594154 _____ C:\Users\Hiden\Downloads\Battlefield3_DE.rar
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer.exe
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer (1).exe
2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 11:23 - 2013-08-22 11:23 - 03053757 _____ C:\Users\Hiden\Downloads\concreteSawSampleDevice.exe
2013-08-22 11:22 - 2013-08-22 11:25 - 35519412 _____ C:\Users\Hiden\Downloads\EntpackeMich.zip
2013-08-22 11:22 - 2013-08-22 11:24 - 21483593 _____ C:\Users\Hiden\Downloads\EntpackeMICH_DC_Mission02.rar
2013-08-22 09:29 - 2013-08-22 16:20 - 1495924736 ____R C:\Users\Hiden\Downloads\BF3.iso
2013-08-22 09:10 - 2013-08-22 09:11 - 23196597 _____ C:\Users\Hiden\Downloads\Battlefield 3 Multiplayer.zip
2013-08-22 09:09 - 2013-08-22 09:14 - 156995087 _____ C:\Users\Hiden\Downloads\battlefield 3 game.zip
2013-08-22 09:09 - 2013-08-22 09:11 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield 3 [PC ~ MULTI10][RELOADED]
2013-08-22 09:06 - 2013-08-22 09:06 - 00046430 _____ C:\Users\Hiden\Downloads\Battlefield3@www.torrent.to.torrent
2013-08-22 09:04 - 2013-08-22 09:05 - 00000000 ____D C:\Users\Hiden\Downloads\uTorrent Ultra Accelerator v2.6.0[Asterus]
2013-08-22 09:04 - 2013-08-22 09:04 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to (1).torrent
2013-08-22 09:02 - 2013-08-22 09:03 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (4).exe
2013-08-22 09:02 - 2013-08-22 09:02 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to.torrent
2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (3).exe
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (2).exe
2013-08-21 10:39 - 2013-08-21 11:58 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield.3-RELOADED
2013-08-21 10:38 - 2013-08-21 10:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (1).exe
2013-08-21 10:37 - 2013-08-21 10:37 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017.exe
2013-08-21 10:34 - 2013-08-21 10:35 - 08166239 _____ C:\Users\Hiden\Downloads\bf3.rar
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2013-08-20 14:09 - 2013-08-20 14:49 - 1096558289 _____ C:\Users\Hiden\Downloads\Demolition Company.rar
2013-08-20 14:06 - 2013-08-20 14:06 - 01130576 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\utorrent.exe
2013-08-20 13:47 - 2013-08-20 13:47 - 00157234 _____ C:\Users\Hiden\Downloads\RouterReconnect_1.3.zip
2013-08-20 13:47 - 2013-08-20 13:47 - 00000000 ____D C:\Users\Hiden\Downloads\RouterReconnect_1.3
2013-08-20 13:41 - 2013-08-20 13:41 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl (1).dlc
2013-08-20 13:39 - 2013-08-20 13:39 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl.dlc
2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 13:06 - 2013-08-20 13:39 - 00002096 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-shu933la56p0.dlc
2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini
2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 11:07 - 2013-08-15 11:08 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2013-08-05 10:09 - 2013-08-05 10:09 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\AUTOSICH

==================== One Month Modified Files and Folders =======

2013-09-04 16:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 16:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 16:54 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 16:51 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype
2013-09-04 16:40 - 2012-12-05 17:57 - 01699142 _____ C:\Windows\WindowsUpdate.log
2013-09-04 16:39 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme
2013-09-04 16:37 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 16:36 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-04 16:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 16:36 - 2009-07-14 06:51 - 00111197 _____ C:\Windows\setupact.log
2013-09-04 16:35 - 2010-11-21 05:47 - 00724964 _____ C:\Windows\PFRO.log
2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools
2013-09-04 16:29 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-09-04 16:25 - 2013-09-04 16:25 - 02134420 _____ C:\Users\Hiden\Downloads\RogueKiller_8.6.9.zip
2013-09-04 16:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity
2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps
2013-09-04 13:41 - 2013-07-09 17:27 - 00000000 ____D C:\ProgramData\eSafe
2013-09-04 13:40 - 2013-07-09 17:32 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Omiga Plus
2013-09-04 13:40 - 2013-06-19 16:24 - 00000000 ____D C:\Program Files (x86)\AutoLyrics
2013-09-04 13:40 - 2013-06-02 08:11 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-04 13:26 - 2013-07-23 08:44 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-04 13:20 - 2013-06-05 17:56 - 00108032 ___SH C:\Users\Hiden\Thumbs.db
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA
2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden
2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak
2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak
2013-09-04 11:51 - 2012-12-24 20:47 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-09-04 11:51 - 2012-12-20 15:22 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:41 - 2013-09-04 11:41 - 16243768 _____ C:\Users\Hiden\Downloads\gu3setup.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-04 11:16 - 2013-09-04 11:16 - 02453054 _____ C:\Users\Hiden\Downloads\hw64_422.zip
2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump
2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI
2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games
2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-09-04 08:19 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client
2013-09-03 13:36 - 2013-09-03 13:30 - 19740030 _____ C:\Users\Hiden\Downloads\Fendt_312TMS_Red_BTS_V2.zip
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:35 - 2013-09-02 17:35 - 00018465 _____ C:\Users\Hiden\Downloads\ZZZ_fastForward.zip
2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft
2013-09-02 15:24 - 2013-09-02 15:24 - 12770646 _____ C:\Users\Hiden\Downloads\xvm-4.1.1.zip
2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 20:24 - 2013-08-30 20:19 - 174242488 _____ C:\Users\Hiden\Downloads\DonsMapV1.zip
2013-08-30 20:21 - 2013-08-30 20:21 - 01358962 _____ C:\Users\Hiden\Downloads\Bierkarre.zip
2013-08-30 20:21 - 2013-08-30 20:20 - 11326313 _____ C:\Users\Hiden\Downloads\LizardBully275HP.zip
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 19:13 - 2013-08-30 19:12 - 17423012 _____ C:\Users\Hiden\Downloads\UniversalBaleTrailer_v3_OPEN_ME.rar
2013-08-30 14:24 - 2013-08-30 14:24 - 03808017 _____ C:\Users\Hiden\Downloads\WelgerAP.zip
2013-08-30 14:07 - 2013-08-30 14:06 - 03760642 _____ C:\Users\Hiden\Downloads\SipmaZ224.zip
2013-08-30 14:04 - 2013-08-30 13:57 - 221791348 _____ C:\Users\Hiden\Downloads\entpack mich.rar
2013-08-30 14:03 - 2013-08-30 14:02 - 30501886 _____ C:\Users\Hiden\Downloads\Ballengitterwagen_Pack_entpacken.rar
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 19:14 - 2013-08-29 19:06 - 163566314 _____ C:\Users\Hiden\Downloads\Ahlen_Map.zip
2013-08-29 19:12 - 2013-08-29 19:08 - 69599016 _____ C:\Users\Hiden\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls.zip
2013-08-29 18:37 - 2013-08-29 18:34 - 94159810 _____ C:\Users\Hiden\Downloads\hackselLandV1.zip
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client
2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-29 13:14 - 2013-08-29 13:14 - 00010992 _____ C:\Users\Hiden\Downloads\aaaf56b5caa5132724beb5aa9aa22998.dlc
2013-08-29 10:39 - 2013-08-29 10:38 - 03503441 _____ C:\Users\Hiden\Downloads\Piper Bergwacht Download.zip
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 17:38 - 2013-08-28 17:38 - 00111602 _____ C:\Users\Hiden\Downloads\SrsMoney.zip
2013-08-28 15:43 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 15:01 - 2013-08-28 15:00 - 01981816 _____ C:\Users\Hiden\Downloads\cpu-z-166.zip
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-28 13:11 - 2013-08-28 13:11 - 00002119 _____ C:\Users\Hiden\Downloads\[isoHunt] SKI REGION SIMULATOR 2012-FIGHTCLUB CRACK 2012.rar.torrent
2013-08-28 12:05 - 2013-08-28 12:05 - 06701308 _____ C:\Users\Hiden\Downloads\PrinothSchneefraese600.zip
2013-08-28 12:03 - 2013-08-28 12:03 - 06026202 _____ C:\Users\Hiden\Downloads\MB1520_for_SRS2012.zip
2013-08-28 11:53 - 2013-08-28 11:53 - 00321822 _____ C:\Users\Hiden\Downloads\Jd_Tow_Frame.zip
2013-08-28 11:52 - 2013-08-28 11:52 - 11830262 _____ C:\Users\Hiden\Downloads\Schneekanonenpack_Installer.exe
2013-08-28 11:50 - 2013-08-28 11:49 - 15865848 _____ C:\Users\Hiden\Downloads\Entpacken.zip
2013-08-28 11:48 - 2013-08-28 11:48 - 10216483 _____ C:\Users\Hiden\Downloads\Fendt_209_S.zip
2013-08-28 11:45 - 2013-08-28 11:45 - 19309119 _____ C:\Users\Hiden\Downloads\Xerion_Pack.rar
2013-08-28 11:44 - 2013-08-28 11:44 - 02972305 _____ C:\Users\Hiden\Downloads\Alfamodding_Ski_Addon.zip 2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai 2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish 2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay 2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-28 10:57 - 2013-08-28 10:57 - 00002948 _____ C:\Users\Hiden\Downloads\50e3b8d8af67beb9b30cb3272123eac5.dlc 2013-08-28 10:44 - 2013-08-28 10:44 - 10667567 _____ C:\Users\Hiden\Downloads\Fendt_209_S.exe 2013-08-28 10:44 - 2013-08-28 10:44 - 02350778 _____ C:\Users\Hiden\Downloads\PrinothBeast.exe 2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat 2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-28 08:47 - 2013-08-28 08:38 - 184153897 _____ C:\Users\Hiden\Downloads\Drensteinfurt.zip 2013-08-28 08:45 - 2013-08-28 08:39 - 107605806 _____ C:\Users\Hiden\Downloads\AlitaFarm.zip 2013-08-28 08:41 - 2013-08-28 08:39 - 20931134 _____ C:\Users\Hiden\Downloads\NewHolland_T7_210.zip 2013-08-28 08:39 - 2013-08-28 08:38 - 15667129 _____ C:\Users\Hiden\Downloads\FortunaFTM200_6_0.zip 2013-08-28 08:38 - 2013-08-28 08:37 - 27038761 _____ C:\Users\Hiden\Downloads\Zunhammer18500PU.zip 2013-08-28 08:38 - 2013-08-28 08:37 - 15066930 _____ C:\Users\Hiden\Downloads\JohnDeere6RPack.zip 2013-08-28 08:37 - 2013-08-28 08:37 - 00482516 _____ C:\Users\Hiden\Downloads\DustWheels.zip 2013-08-28 08:37 - 2013-08-28 08:37 - 00055856 _____ C:\Users\Hiden\Downloads\RealLights_v098.zip 2013-08-28 08:37 - 2013-08-28 08:37 - 00036427 _____ C:\Users\Hiden\Downloads\ESLimiter.zip 2013-08-28 08:37 - 
2013-08-28 08:36 - 14569964 _____ C:\Users\Hiden\Downloads\JD6150RSN.zip 2013-08-28 08:37 - 2013-08-28 08:36 - 07024980 _____ C:\Users\Hiden\Downloads\KotteZubringer.zip 2013-08-28 08:37 - 2013-08-28 08:36 - 03345223 _____ C:\Users\Hiden\Downloads\KotteContainer.zip 2013-08-28 08:37 - 2013-08-28 08:36 - 00035256 _____ C:\Users\Hiden\Downloads\ZZZ_manualIgnition.zip 2013-08-27 21:07 - 2013-08-27 21:07 - 01566289 _____ C:\Users\Hiden\Downloads\Single_Axle_UBT_v2_by_xiukaz_UNPACK.zip 2013-08-27 18:19 - 2013-08-27 18:18 - 01839939 _____ C:\Users\Hiden\Downloads\LegoTracBySYM.zip 2013-08-27 18:17 - 2013-08-27 18:17 - 02861884 _____ C:\Users\Hiden\Downloads\Contest2013_FlieglTDK200.zip 2013-08-27 18:17 - 2013-08-27 18:16 - 11308886 _____ C:\Users\Hiden\Downloads\NewHolland_378.zip 2013-08-27 18:16 - 2013-08-27 18:16 - 01790638 _____ C:\Users\Hiden\Downloads\Kran_Halle.zip 2013-08-26 10:00 - 2013-08-26 09:51 - 27514869 _____ C:\Users\Hiden\Downloads\RopaEuroTigerPack.zip 2013-08-26 08:05 - 2013-08-26 07:05 - 183025975 _____ C:\Users\Hiden\Downloads\Pawikowo_Finalv2.zip 2013-08-26 07:15 - 2013-08-26 07:15 - 04472200 _____ C:\Users\Hiden\Downloads\HorschPronto9DC_ce.zip 2013-08-26 07:10 - 2013-08-26 07:10 - 05602237 _____ C:\Users\Hiden\Downloads\horsch.zip 2013-08-26 07:07 - 2013-08-26 07:07 - 10159758 _____ C:\Users\Hiden\Downloads\KrampeBBS650_ce.zip 2013-08-26 07:04 - 2013-08-26 07:04 - 06614055 _____ C:\Users\Hiden\Downloads\grimmeRootster604MF.zip 2013-08-26 07:02 - 2013-08-26 07:01 - 19318364 _____ C:\Users\Hiden\Downloads\Deutz_7545_Multifrucht.zip 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer 2013-08-25 17:41 - 2013-08-25 17:34 - 19971755 _____ C:\Users\Hiden\Downloads\JaguarBE_entpacken.zip 2013-08-25 16:15 - 2013-08-25 16:15 - 00211197 _____ C:\Users\Hiden\Downloads\Claas_Conspeed.zip 
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤ 2013-08-25 11:08 - 2013-08-25 11:08 - 00032153 _____ C:\Users\Hiden\Downloads\ZZZ_GPS.zip 2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ 2013-08-23 16:28 - 2013-08-23 16:28 - 02492035 _____ C:\Users\Hiden\Downloads\Kotte_FRP_145.exe 2013-08-23 16:25 - 2013-08-23 16:25 - 07148837 _____ C:\Users\Hiden\Downloads\TRAIL_Rolland_20_30.zip 2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3 2013-08-23 15:46 - 2013-08-23 14:58 - 901523129 _____ C:\Users\Hiden\Downloads\Battlefield3_EN.rar 2013-08-23 15:39 - 2013-08-23 14:57 - 639594154 _____ C:\Users\Hiden\Downloads\Battlefield3_DE.rar 2013-08-23 15:21 - 2013-04-22 15:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-08-23 15:13 - 2013-08-23 15:13 - 10347909 _____ C:\Users\Hiden\Downloads\BF3_Update_05March2013.rar 2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent 2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips 2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer.exe 2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer (1).exe 2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3 2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity 2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin 2013-08-22 16:20 - 2013-08-22 09:29 - 1495924736 ____R C:\Users\Hiden\Downloads\BF3.iso 2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google 2013-08-22 
13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-22 11:25 - 2013-08-22 11:22 - 35519412 _____ C:\Users\Hiden\Downloads\EntpackeMich.zip 2013-08-22 11:24 - 2013-08-22 11:22 - 21483593 _____ C:\Users\Hiden\Downloads\EntpackeMICH_DC_Mission02.rar 2013-08-22 11:23 - 2013-08-22 11:23 - 03053757 _____ C:\Users\Hiden\Downloads\concreteSawSampleDevice.exe 2013-08-22 09:14 - 2013-08-22 09:09 - 156995087 _____ C:\Users\Hiden\Downloads\battlefield 3 game.zip 2013-08-22 09:11 - 2013-08-22 09:10 - 23196597 _____ C:\Users\Hiden\Downloads\Battlefield 3 Multiplayer.zip 2013-08-22 09:11 - 2013-08-22 09:09 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield 3 [PC ~ MULTI10][RELOADED] 2013-08-22 09:06 - 2013-08-22 09:06 - 00046430 _____ C:\Users\Hiden\Downloads\Battlefield3@www.torrent.to.torrent 2013-08-22 09:05 - 2013-08-22 09:04 - 00000000 ____D C:\Users\Hiden\Downloads\uTorrent Ultra Accelerator v2.6.0[Asterus] 2013-08-22 09:04 - 2013-08-22 09:04 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to (1).torrent 2013-08-22 09:03 - 2013-08-22 09:02 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (4).exe 2013-08-22 09:02 - 2013-08-22 09:02 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to.torrent 2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2 2013-08-21 11:58 - 2013-08-21 10:39 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield.3-RELOADED 2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (3).exe 2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (2).exe 2013-08-21 10:38 - 2013-08-21 10:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (1).exe 2013-08-21 10:37 - 2013-08-21 10:37 - 01040720 _____ (BitTorrent Inc.) 
C:\Users\Hiden\Downloads\uTorrent331_30017.exe 2013-08-21 10:35 - 2013-08-21 10:34 - 08166239 _____ C:\Users\Hiden\Downloads\bf3.rar 2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO 2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-08-20 14:49 - 2013-08-20 14:09 - 1096558289 _____ C:\Users\Hiden\Downloads\Demolition Company.rar 2013-08-20 14:06 - 2013-08-20 14:06 - 01130576 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\utorrent.exe 2013-08-20 13:47 - 2013-08-20 13:47 - 00157234 _____ C:\Users\Hiden\Downloads\RouterReconnect_1.3.zip 2013-08-20 13:47 - 2013-08-20 13:47 - 00000000 ____D C:\Users\Hiden\Downloads\RouterReconnect_1.3 2013-08-20 13:41 - 2013-08-20 13:41 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl (1).dlc 2013-08-20 13:39 - 2013-08-20 13:39 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl.dlc 2013-08-20 13:39 - 2013-08-20 13:06 - 00002096 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-shu933la56p0.dlc 2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software 2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log 2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info 2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon 2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser 2013-08-15 11:08 - 2013-08-15 11:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A} 2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games 2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia 2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi 2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF 2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan 2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay 2013-08-11 11:21 - 2013-02-21 16:28 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-08-07 20:30 - 2013-05-01 10:53 - 00286840 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-08-07 20:30 - 2013-05-01 10:52 - 00291210 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-08-07 12:24 - 2013-04-28 12:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\PC Suite 2013-08-07 12:23 - 2013-04-30 17:35 - 00000000 ____D 
C:\Users\Hiden\AppData\Local\Nokia 2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution 2013-08-07 12:21 - 2013-04-28 12:44 - 00041042 _____ C:\Windows\DPINST.LOG 2013-08-05 10:09 - 2013-08-05 10:09 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\AUTOSICH Files to move or delete: ==================== C:\Users\Hiden\AppData\Local\Temp\sfamcc00001.dll C:\Users\Hiden\AppData\Local\Temp\Tsu8F5BCA1D.dll C:\Users\Hiden\AppData\Local\Temp\TsuE58EB0BC.dll C:\Users\Hiden\AppData\Local\Temp\TsuEBBB588F.dll C:\Users\Hiden\AppData\Local\Temp\uninst1.exe C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\Setup.exe C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setup.dll C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setupx.dll C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Custom.dll C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Setup.exe C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\_Setup.dll C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Custom.dll C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Setup.exe C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\_Setup.dll C:\Users\Hiden\AppData\Local\Temp\Temp1_RogueKiller_8.6.9.zip\RogueKillerX64.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\setup.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap32v.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap64v.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco64.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2UI.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\ReleaseHighlights.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\dotNetFx40_Full_setup.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\MSNetExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\detoured.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvFBC.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\rxinput.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\steam_api.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\detoured.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\rxinput.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avcodec-52.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avdevice-52.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avformat-52.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avutil-49.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\Bifrost.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\cudart32_41_0.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\NvStreamCExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\nvwinstreamc.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\swscale-0.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\7z.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\DisplayCplExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ExtensionLoader.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.WPF4.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperience.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceControls.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceCore.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GridService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerUIExtension.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\log4net.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.Practices.ServiceLocation.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.Properties.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.UpdateService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Win32Api.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nvtmru.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\oaremote_plugin.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ShadowPlay.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Core.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Interfaces.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Linq.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.PlatformServices.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Providers.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Runtime.Remoting.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Windows.Threading.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Windows.Interactivity.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHT\GFExperienceControls.resources.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHS\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\tr-TR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\th-TH\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sv-SE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sl-SI\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sk-SK\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ru-RU\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-PT\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-BR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pl-PL\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nl-NL\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nb-NO\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ko-KR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ja-JP\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\it-IT\GFExperienceControls.resources.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\hu-HU\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\he-IL\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fr-FR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fi-FI\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-MX\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-ES\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperience.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-GB\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\el-GR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\de-DE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\da-DK\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\cs-CZ\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ar-AE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\ComUpdatus.exe 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\daemonu.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\UpdateExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\WLMerger.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Optimus\OptimusExt.dll C:\Users\Hiden\AppData\Local\Temp\IDC3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Users\Hiden\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Users\Hiden\AppData\Local\Temp\bus6D9D\BUSolution.dll C:\Users\Hiden\AppData\Local\Temp\bus664C\CrxUpdater_g.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 12:09 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- [/CODE]
I also have logs from RogueKiller: RKreport[0]_D_09042013_163056.txt, yesterday at 16:30 Code:
ATTFilter RogueKiller V8.6.9 _x64_ [Sep 3 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : hxxp://www.adlice.com/forum/ Webseite : hxxp://www.adlice.com/softwares/roguekiller/ Blog : hxxp://tigzyrk.blogspot.com/ Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in : Normaler Modus Benutzer : Hiden [Admin Rechte] Funktion : Entfernen -- Datum : 09/04/2013 16:30:56 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 7 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GELÖSCHT [RUN][SUSP PATH] HKCU\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GELÖSCHT [RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] Das System kann die angegebene Datei nicht finden. [RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> [0x2] Das System kann die angegebene Datei nicht finden. 
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ERSETZT (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0) ¤¤¤ Geplante Tasks : 5 ¤¤¤ [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GELÖSCHT [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GELÖSCHT [V2][SUSP PATH] Funmoods : C:\Users\Hiden\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> GELÖSCHT [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GELÖSCHT [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GELÖSCHT ¤¤¤ Autostart-Einträge : 0 ¤¤¤ ¤¤¤ Web-Browsern : 0 ¤¤¤ ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++ --- User --- [MBR] 059af9afa77d3237483bb4a3097bc460 [BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[0]_D_09042013_163056.txt >> RKreport[0]_S_09042013_163022.txt Code:
ATTFilter RogueKiller V8.6.9 _x64_ [Sep 3 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : hxxp://www.adlice.com/forum/ Webseite : hxxp://www.adlice.com/softwares/roguekiller/ Blog : hxxp://tigzyrk.blogspot.com/ Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in : Normaler Modus Benutzer : Hiden [Admin Rechte] Funktion : Scannen -- Datum : 09/04/2013 16:30:22 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 7 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GEFUNDEN [RUN][SUSP PATH] HKCU\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GEFUNDEN [RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GEFUNDEN [RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GEFUNDEN [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN ¤¤¤ Geplante Tasks : 5 ¤¤¤ [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GEFUNDEN [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GEFUNDEN [V2][SUSP PATH] Funmoods : C:\Users\Hiden\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> GEFUNDEN [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core : 
C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GEFUNDEN [V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GEFUNDEN ¤¤¤ Autostart-Einträge : 0 ¤¤¤ ¤¤¤ Web-Browsern : 0 ¤¤¤ ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++ --- User --- [MBR] 059af9afa77d3237483bb4a3097bc460 [BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[0]_S_09042013_163022.txt >> Code:
ATTFilter RogueKiller V8.6.9 _x64_ [Sep 3 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : hxxp://www.adlice.com/forum/ Webseite : hxxp://www.adlice.com/softwares/roguekiller/ Blog : hxxp://tigzyrk.blogspot.com/ Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in : Normaler Modus Benutzer : Hiden [Admin Rechte] Funktion : Scannen -- Datum : 09/04/2013 16:31:40 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 0 ¤¤¤ ¤¤¤ Geplante Tasks : 0 ¤¤¤ ¤¤¤ Autostart-Einträge : 0 ¤¤¤ ¤¤¤ Web-Browsern : 0 ¤¤¤ ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++ --- User --- [MBR] 059af9afa77d3237483bb4a3097bc460 [BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[0]_S_09042013_163140.txt >> RKreport[0]_D_09042013_163056.txt;RKreport[0]_S_09042013_163022.txt RKreport[0]_PR_09042013_163224 at 16:32 Code:
ATTFilter RogueKiller V8.6.9 _x64_ [Sep 3 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : hxxp://www.adlice.com/forum/ Webseite : hxxp://www.adlice.com/softwares/roguekiller/ Blog : hxxp://tigzyrk.blogspot.com/ Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in : Normaler Modus Benutzer : Hiden [Admin Rechte] Funktion : Reparierte Proxy-Einstellungen -- Datum : 09/04/2013 16:32:24 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 0 ¤¤¤ ¤¤¤ Web-Browsern : 0 ¤¤¤ ¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infektion : ¤¤¤ Abgeschlossen : << RKreport[0]_PR_09042013_163224.txt >> RKreport[0]_D_09042013_163056.txt;RKreport[0]_S_09042013_163022.txt;RKreport[0]_S_09042013_163140.txt Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Hiden :: HIDEN-PC [Administrator] 04.09.2013 13:12:21 mbam-log-2013-09-04 (13-12-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 58611 Laufzeit: 11 Minute(n), 45 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 3 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 1472 -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 2264 -> Löschen bei Neustart. C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> 4772 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 14 HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Gut: () -> Löschen bei Neustart. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. 
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> Löschen bei Neustart. C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SafeSaver\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Browse2save\511fe08882b18.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. (Ende) Example from 16:34: Code:
|
05.09.2013, 06:49 | #7 |
| Bitcoin miner in svhost.exe reappears after restart and here is another log from Avira AntiVir (I hope this isn't getting to be too much now!!! ;-) ) Code:
ATTFilter Exportierte Ereignisse: 04.09.2013 15:05 [Echtzeit-Scanner] Registry blockiert Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert. 04.09.2013 14:14 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9ZOKING\yontoosetup[1].exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54a5b142.qua' verschoben! 04.09.2013 14:14 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLCDI9MQ\pvtzd_agent_setup[1].exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.8543085' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54dbbb0b.qua' verschoben! 04.09.2013 14:11 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLCDI9MQ\pvtzd_agent_setup[1].exe' wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.8543085' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 04.09.2013 14:11 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9ZOKING\yontoosetup[1].exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 04.09.2013 13:46 [Echtzeit-Scanner] Registry blockiert Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert. 04.09.2013 13:26 [Echtzeit-Scanner] Registry blockiert Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert. 
02.09.2013 08:14 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 01.09.2013 15:29 [Updater] Update nicht ausgeführt Das Update von Computer HIDEN-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 01.09.2013 12:27 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe' enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallRex.G.1' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57dd873d.qua' verschoben! 01.09.2013 12:14 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallRex.G.1' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 01.09.2013 12:11 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 30.08.2013 14:05 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallRex.G.1' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 28.08.2013 10:43 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler 28.08.2013 10:23 [Echtzeit-Scanner] Lizenzfehler Lizenzfehler 28.08.2013 09:52 [Echtzeit-Scanner] Autorun blockiert Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Datei 'P:\autorun.inf' blockiert. 
23.08.2013 14:34 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3d53df79.qua' verschoben! 23.08.2013 14:34 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cb4e760.qua' verschoben! 23.08.2013 14:34 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' enthielt einen Virus oder unerwünschtes Programm 'Adware/Bunndle.B' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5423c8db.qua' verschoben! 23.08.2013 14:34 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78dff253.qua' verschoben! 23.08.2013 14:34 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1ee8bd91.qua' verschoben! 23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 23.08.2013 13:03 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.08.2013 09:03 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner 22.08.2013 09:03 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 21.08.2013 11:38 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner 21.08.2013 11:38 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 21.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner 21.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 16:45 [Updater] Update nicht ausgeführt Das Update von Computer HIDEN-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 20.08.2013 16:24 [Echtzeit-Scanner] Malware gefunden In der Datei 'I:\Setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.UPKM.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 16:24 [Echtzeit-Scanner] Malware gefunden In der Datei 'I:\Setup.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.UPKM.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 14:41 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 20.08.2013 13:39 [System-Scanner] Malware gefunden Die Datei 'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$RQ5M8R2.exe' enthielt einen Virus oder unerwünschtes Programm 'Adware/Airinstall.J' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55c5c5e9.qua' verschoben! 20.08.2013 13:39 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$RQ5M8R2.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner 20.08.2013 13:39 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\Downloads\Download-534895hhr43431.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.08.2013 19:54 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 18.08.2013 18:48 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.08.2013 16:21 [Updater] Update nicht ausgeführt Das Update von Computer HIDEN-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 17.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$R11LQLT.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Somoto.PD' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.08.2013 09:26 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.08.2013 15:15 [Updater] Update nicht ausgeführt Das Update von Computer HIDEN-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 11.08.2013 13:56 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\Downloads\Download-534895hhr43431.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons \newtab_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons \browser_coupon_setup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe' wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern |
05.09.2013, 09:39 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe reappears after restart Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post logfiles in CODE tags |
05.09.2013, 13:21 | #9 |
| Bitcoin Miner in svhost.exe reappears after restart Hello! Please excuse me. This is a friend's PC. The contents of the Downloads folder (as well as the Pictures and Documents folders and various items from the installed programs) were moved to the Recycle Bin as they were and then properly deleted or uninstalled! I hope I haven't overlooked anything! Regards FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03 Ran by Hiden (administrator) on HIDEN-PC on 05-09-2013 14:18:49 Running from C:\Users\Hiden\Desktop\share Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions) MountPoints2: G - G:\cdstart.exe MountPoints2: I - I:\cdstart.exe MountPoints2: {7051758a-b309-11e2-9e44-fbb951157bc6} - F:\OriginInstaller.exe MountPoints2: {b4993d4d-3f3e-11e2-8214-806e6f6e6963} - E:\cdstart.exe HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548 SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 SearchScopes: HKLM-x32 - {43127BD9-3ACA-4259-9A77-D5C69F5CB9BA} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms} SearchScopes: HKLM-x32 - {96932D4E-8C01-43DD-98CC-011CA708A907} URL = ${SEARCH_URL}{searchTerms} SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {62E3F633-EDFB-44CC-9142-718C84A5CD02} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&babsrc=SP_ss&mntrId=001620ef000000000000000c4343bd02 SearchScopes: HKCU - {B5918D46-D596-40AB-B9B9-4235D17141A0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=3DB68FCC-ADA4-4017-8C38-58DE2CDFAFE8&apn_sauid=22187DFA-8181-45F6-B34D-BA650EECB054 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6PQRV9rixw&i=26 BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default FF user.js: detected! => C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Funmoods.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\511fe088829a4@511fe088829dd.com FF Extension: incredibar.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com FF Extension: Spartipps von SparPilot.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\staged FF Extension: Winload - 
C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF Extension: WhiteSmoke US New - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF HKCU\...\Firefox\Extensions: [autolyrics@man-soft.net] C:\Program Files (x86)\AutoLyrics\FF\ FF Extension: No Name - C:\Program Files (x86)\AutoLyrics\FF\ Chrome: ======= CHR HomePage: hxxp://www.google.at/ CHR RestoreOnStartup: "https://www.google.at/" CHR DefaultSearchURL: (Babylon Search) - hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0016944452EDFDAF&affID=123895&tsp=4985 CHR DefaultSuggestURL: (Babylon Search) - 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR Extension: (Auto Lyrics) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.114_0 CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Hiden\AppData\Local\funmoods.crx CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Hiden\AppData\Local\funmoods-speeddial_sf.crx CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Hiden\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-09] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
U3 ahi4h10m; C:\Windows\System32\Drivers\ahi4h10m.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:39 - 2013-09-05 14:18 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-05 14:17 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 -
2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit 2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin 2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 
07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb 2013-09-04 
11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp 2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ' 2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH 2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’ 2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ— 2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump 2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp 2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ… 2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ– 2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™ 2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ 2013-08-29 14:41 - 
2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD 2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨ 2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422 2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166 2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer 2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤ 2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips 2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ 2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3 2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3 2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk 2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2 2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO 2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys 2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood 2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software 2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db 2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) 
C:\Windows\system32\D3DX9_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini 2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 18:42 - 
2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon 2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser 2013-08-15 11:07 - 2013-08-15 11:08 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A} 2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 
09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys

==================== One Month Modified Files and Folders =======

2013-09-05 14:18 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-05 14:17 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-05
14:17 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype 2013-09-05 14:16 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files (x86)\WinZipper 2013-09-05 14:16 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-05 14:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-05 14:16 - 2009-07-14 06:51 - 00111533 _____ C:\Windows\setupact.log 2013-09-05 14:13 - 2012-12-05 17:57 - 01760739 _____ C:\Windows\WindowsUpdate.log 2013-09-05 14:11 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2 2013-09-05 14:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-05 13:57 - 2013-06-05 17:56 - 00122880 ___SH C:\Users\Hiden\Thumbs.db 2013-09-05 07:31 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-05 07:31 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-05 07:27 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST 2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme 2013-09-04 16:35 - 2010-11-21 05:47 - 00724964 _____ C:\Windows\PFRO.log 2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools 2013-09-04 16:29 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity 2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db 2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4 2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk 2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ 
C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps 2013-09-04 13:41 - 2013-07-09 17:27 - 00000000 ____D C:\ProgramData\eSafe 2013-09-04 13:40 - 2013-07-09 17:32 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Omiga Plus 2013-09-04 13:40 - 2013-06-19 16:24 - 00000000 ____D C:\Program Files (x86)\AutoLyrics 2013-09-04 13:40 - 2013-06-02 08:11 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-09-04 13:26 - 2013-07-23 08:44 - 00000000 ____D C:\Program Files (x86)\SafeSaver 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA 2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3 2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu 2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu 2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden 2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak 2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak 2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak 2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak 2013-09-04 11:51 - 2012-12-24 20:47 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com 2013-09-04 11:51 - 2012-12-20 15:22 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com 2013-09-04 11:51 - 
2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele 2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft 2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3 2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk 2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log 2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft 2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit 2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422 2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help 2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump 2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp 2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI 2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games 2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World 2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ' 2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client 2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH 2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft 2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe 2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini 2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’ 2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ— 2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp 2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ… 2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ– 2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™ 
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ 2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD 2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client 2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood 2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨ 2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166 2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft 2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai 2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish 2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay 2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat 2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer 2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤ 2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ 2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3 2013-08-23 15:21 - 2013-04-22 15:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 
2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent 2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips 2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3 2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity 2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin 2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google 2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2 2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO 2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software 2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log 2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info 2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon 2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser 2013-08-15 11:08 - 2013-08-15 11:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A} 2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games 2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia 2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi 2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF 2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan 2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay 2013-08-11 11:21 - 2013-02-21 16:28 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-08-07 20:30 - 2013-05-01 10:53 - 00286840 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-08-07 20:30 - 2013-05-01 10:52 - 00291210 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-08-07 12:24 - 2013-04-28 12:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\PC Suite 2013-08-07 12:23 - 2013-04-30 17:35 - 00000000 ____D C:\Users\Hiden\AppData\Local\Nokia 2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution 2013-08-07 
12:21 - 2013-04-28 12:44 - 00041042 _____ C:\Windows\DPINST.LOG

Files to move or delete:
====================
C:\Users\Hiden\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Hiden\AppData\Local\Temp\Tsu8F5BCA1D.dll
C:\Users\Hiden\AppData\Local\Temp\TsuE58EB0BC.dll
C:\Users\Hiden\AppData\Local\Temp\TsuEBBB588F.dll
C:\Users\Hiden\AppData\Local\Temp\uninst1.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setupx.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\Temp1_RogueKiller_8.6.9.zip\RogueKillerX64.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap32v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap64v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2UI.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\ReleaseHighlights.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\MSNetExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\steam_api.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avcodec-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avdevice-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avformat-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avutil-49.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\Bifrost.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\cudart32_41_0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\NvStreamCExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\nvwinstreamc.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\swscale-0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\7z.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\DisplayCplExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ExtensionLoader.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.WPF4.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperience.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceControls.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceCore.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GridService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerUIExtension.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\log4net.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.Practices.ServiceLocation.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.Properties.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.UpdateService.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Win32Api.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nvtmru.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\oaremote_plugin.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ShadowPlay.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Core.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Interfaces.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Linq.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.PlatformServices.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Providers.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Runtime.Remoting.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Windows.Threading.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Windows.Interactivity.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHT\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHS\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\tr-TR\GFExperienceControls.resources.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\th-TH\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sv-SE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sl-SI\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sk-SK\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ru-RU\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-PT\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-BR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pl-PL\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nl-NL\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nb-NO\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ko-KR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ja-JP\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\it-IT\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\hu-HU\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\he-IL\GFExperienceControls.resources.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fr-FR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fi-FI\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-MX\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-ES\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperience.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-GB\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\el-GR\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\de-DE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\da-DK\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\cs-CZ\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ar-AE\GFExperienceControls.resources.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\ComUpdatus.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\daemonu.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU32.dll 
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP32.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP64.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\UpdateExt.dll C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\WLMerger.exe C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Optimus\OptimusExt.dll C:\Users\Hiden\AppData\Local\Temp\IDC3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Users\Hiden\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Users\Hiden\AppData\Local\Temp\bus6D9D\BUSolution.dll C:\Users\Hiden\AppData\Local\Temp\bus664C\CrxUpdater_g.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 12:09 ==================== End Of Log ============================ |
05.09.2013, 14:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin miner in svhost.exe reappears after restart Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
06.09.2013, 06:58 | #11 |
| Bitcoin miner in svhost.exe reappears after restart So, here is the Combofix log as well: Code:
ATTFilter ComboFix 13-09-06.01 - Hiden 06.09.2013 7:41.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4046.2691 [GMT 2:00] ausgeführt von:: c:\users\Hiden\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Hiden\AppData\Roaming\337 c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\ebase.dll c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_close.png c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_max.png c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_min.png c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_restore.png c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\window.png c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\en_us\wallpaper_lang.ini c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\es_es\wallpaper_lang.ini c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\pt_br\wallpaper_lang.ini c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\tr_tr\wallpaper_lang.ini c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\zh_tw\wallpaper_lang.ini c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\libpng.dll c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\main c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\msvcp100.dll c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\msvcr100.dll c:\users\Hiden\AppData\Roaming\337\337 
Wallpaper\ouilibnl.dll c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\plusapp.exe c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe c:\users\Hiden\AppData\Roaming\convert\convert.exe c:\users\Hiden\AppData\Roaming\Gizmo c:\users\Hiden\AppData\Roaming\Gizmo\mru.xml c:\users\Hiden\AppData\Roaming\Gizmo\update.xml c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\bootstrap.js c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\chrome.manifest c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\zy.xul c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\install.rdf . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-06 bis 2013-09-06 )))))))))))))))))))))))))))))) . . 2013-09-04 14:55 . 2013-09-04 14:55 -------- d-----w- C:\FRST 2013-09-04 11:02 . 2013-09-04 11:02 -------- d-----w- c:\users\Hiden\AppData\Roaming\Malwarebytes 2013-09-04 11:02 . 2013-09-04 11:02 -------- d-----w- c:\programdata\Malwarebytes 2013-09-04 11:02 . 2013-09-04 11:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-09-04 11:02 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-04 10:35 . 2013-09-02 09:09 24352 ----a-w- c:\windows\system32\RegBootDefrag.exe 2013-09-04 10:23 . 
2013-09-04 14:31 -------- d-----w- C:\_tools 2013-09-04 09:48 . 2013-09-04 09:48 -------- d-----w- c:\programdata\GlarySoft 2013-09-04 09:42 . 2013-09-02 09:09 117024 ----a-w- c:\windows\system32\BootDefrag.exe 2013-09-04 09:42 . 2013-09-04 09:42 -------- d-----w- c:\users\Hiden\AppData\Roaming\GlarySoft 2013-09-04 09:42 . 2013-09-04 10:38 -------- d-----w- c:\program files (x86)\Glary Utilities 3 2013-09-04 09:39 . 2013-09-04 09:39 -------- d-----w- c:\users\Hiden\AppData\Roaming\IObit 2013-09-04 09:27 . 2013-09-04 09:27 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-09-04 09:26 . 2013-06-21 10:23 3514656 ----a-w- c:\windows\system32\nvsvc64.dll 2013-09-04 09:26 . 2013-06-21 10:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-09-04 09:26 . 2013-06-21 10:23 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-09-04 09:26 . 2013-06-21 10:23 6496544 ----a-w- c:\windows\system32\nvcpl.dll 2013-09-04 09:26 . 2013-06-21 10:23 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-09-04 09:26 . 2013-06-21 10:23 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-09-04 09:26 . 2013-06-20 04:17 3253909 ----a-w- c:\windows\system32\nvcoproc.bin 2013-09-04 09:17 . 2013-06-21 12:06 2936208 ----a-w- c:\windows\system32\nvapi64.dll 2013-09-04 09:17 . 2013-06-21 12:06 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-09-04 09:17 . 2013-06-21 12:06 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-09-04 09:17 . 2013-06-21 12:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-09-04 09:10 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-09-04 09:10 . 2013-08-20 13:32 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-09-04 09:10 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-28 13:03 . 2013-09-04 09:28 -------- d-----w- C:\hw64_422 2013-08-28 13:01 . 2013-08-28 13:01 -------- d-----w- C:\cpu-z-166 2013-08-28 11:13 . 
2013-08-28 11:13 -------- d-----w- c:\programdata\SummerSoft 2013-08-25 15:50 . 2013-08-25 15:50 -------- d-----w- c:\users\Hiden\AppData\Local\WebPlayer 2013-08-24 20:02 . 2013-04-23 15:03 87054 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libpdcurses.dll 2013-08-24 20:02 . 2013-04-23 15:03 45056 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\pthreadGC2.dll 2013-08-24 20:02 . 2013-04-23 15:03 323584 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\ssleay32.dll 2013-08-24 20:02 . 2013-04-23 15:03 309248 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libcurl-4.dll 2013-08-24 20:02 . 2013-04-23 15:03 224256 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libidn-11.dll 2013-08-24 20:02 . 2013-04-23 15:03 1479680 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libeay32.dll 2013-08-24 20:02 . 2013-04-23 15:03 122368 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\zlib1.dll 2013-08-24 20:02 . 2013-04-23 15:03 104960 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libusb-1.0.dll 2013-08-24 20:02 . 2013-09-04 13:09 587776 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\IE10\7z.exe 2013-08-23 09:27 . 2013-05-07 17:26 1751552 ----a-w- c:\users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe 2013-08-23 09:27 . 2013-08-23 09:27 -------- d-----w- c:\users\Hiden\AppData\Roaming\EvolutionClips 2013-08-22 15:06 . 2013-08-23 14:01 -------- d-----w- c:\program files (x86)\Battlefield 3 2013-08-21 10:43 . 2013-08-21 10:46 -------- d-----w- c:\program files (x86)\Black Ops 2 2013-08-20 14:26 . 2013-08-20 14:26 -------- d-----w- c:\program files (x86)\PowerISO 2013-08-20 14:26 . 2013-07-22 02:19 126872 ----a-w- c:\windows\system32\drivers\scdemu.sys 2013-08-20 11:26 . 2013-08-29 11:16 -------- d-----w- c:\users\Hiden\AppData\Local\Captcha_Brotherhood 2013-08-20 11:26 . 2013-08-20 11:26 -------- d-----w- c:\program files (x86)\Brotherhood Software 2013-08-17 08:50 . 
2013-08-17 08:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2013-08-16 16:44 . 2013-08-16 16:44 -------- d-----w- c:\users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 16:34 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2013-08-16 16:34 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2013-08-16 16:34 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll 2013-08-16 16:34 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2013-08-16 16:34 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-08-16 16:34 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll 2013-08-15 09:15 . 2013-08-15 09:15 -------- d-----w- c:\programdata\ZoomBrowser 2013-08-15 09:15 . 2013-08-15 09:16 -------- d-----w- c:\program files (x86)\Canon 2013-08-15 07:56 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-15 07:56 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-15 07:56 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-15 07:56 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-15 07:56 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-15 07:56 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-15 07:56 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-15 07:56 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-08-15 07:49 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-15 07:49 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-13 17:37 . 2013-08-13 17:37 -------- d--h--w- c:\windows\PIF 2013-08-12 10:50 . 2013-08-12 10:50 -------- d-----w- c:\program files (x86)\Dokan 2013-08-07 18:30 . 
2013-08-07 18:30 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-08-07 10:21 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2013-08-07 10:21 . 2013-08-07 10:21 -------- d-----w- c:\program files (x86)\PC Connectivity Solution . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-04 09:09 . 2013-03-25 12:59 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-20 18:32 . 2012-12-06 15:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-20 18:32 . 2012-12-06 15:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-20 08:48 . 2013-05-07 12:15 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-20 08:48 . 2013-03-25 12:59 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-15 16:37 . 2012-12-06 08:43 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-15 07:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-06-24 13:06 . 2013-06-24 13:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-24 13:06 . 2012-12-06 19:52 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-24 13:06 . 2012-12-06 19:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-21 12:06 . 2012-12-06 07:57 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-06-21 12:06 . 2012-12-06 07:57 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-30 14:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2013-07-02 1276152] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640] "GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-02-16 223640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-20 347192] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2013-2-16 223640] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2012-12-5 379160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" . 
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 
sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 GizmoDrv;Gizmo Device Driver; [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x] S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x] S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files 
(x86)\WinZipper\winzipersvc.exe [x] S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 18:32] . 2013-09-06 c:\windows\Tasks\GlaryInitialize 3.job - c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-09-02 09:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-30 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 mStart Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.1.254 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.bmp.15.4" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.bmp.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.ico.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.png.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.tif.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.tif.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.wdp.15.4" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-09-06 07:52:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-09-06 05:52 . Vor Suchlauf: 19 Verzeichnis(se), 156.486.045.696 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 156.376.690.688 Bytes frei . - - End Of File - - A6079AEFC127A252C6738E36CCA2838E |
06.09.2013, 11:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin miner in svhost.exe reappears after restart Rootkit scan with GMER Please download GMER: (random file name)
Are you running into problems?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
09.09.2013, 07:45 | #13 |
| Bitcoin miner in svhost.exe reappears after restart Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.09.09.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Hiden :: HIDEN-PC [administrator] 09.09.2013 07:57:11 mbar-log-2013-09-09 (07-57-11).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 272270 Time elapsed: 34 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
09.09.2013, 08:57 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin miner in svhost.exe reappears after restart What about gmer?
__________________ Please always post log files in CODE tags |
09.09.2013, 09:39 | #15 |
| Bitcoin miner in svhost.exe reappears after restart By the way: So, after the restart, Malwarebytes Anti-Rootkit and Anti-Malware no longer find anything, but when playing "Landwirtschaftssimulator 2013" the GPU temperature still climbs to 100°C. And that was the reason I started looking for faults in the first place. After I quit the game, the temperature did drop back to 85°C, and after 5 min down to 66°C, and the GPU load to almost 0%, but is it normal for this graphics card (EVGA NVidia Geforce GT 610 with 2GB of graphics memory) to get this warm? (According to NVidia, the maximum temperature is specified as 102°C) Kind regards |