| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Absturz Flashplayer / IP BlacklistedWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.10.2013, 12:14
| #1 |
| |  Windows 7: Absturz Flashplayer / IP Blacklisted Guten Tag zusammen, ich fürchte ich habe Mist gebaut, als ich im volltrunkenen Modus eine EXE angeklickt habe, obwohl ich eine RAR erwartet hab. Nun stürzt mein Flashplayer andauernd ab und ich kann keine Mails mehr verschicken, da meine IP-Adresse angeblich wegen Spam auf einer Blacklist steht. Wie empfohlen habe ich die Logs erstellt und hoffe auf kompetente Hilfe - danke! Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:51 on 13/10/2013 (snick)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by snick (administrator) on SNICKSNICK on 13-10-2013 12:48:12
Running from D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) S:\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
() D:\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Steam] - S:\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [Windows Update Service] - "C:\ProgramData\Windows Update Service0\rjrwzmzis.exe"
MountPoints2: {701e1bcc-9c55-11e1-935f-ac7289478956} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {701e4013-9c55-11e1-935f-ac7289478956} - E:\MotoCastSetup.exe -a
MountPoints2: {7ee98008-3633-11e2-af3a-ac7289478956} - E:\MotoCastSetup.exe -a
MountPoints2: {80818129-0d33-11e2-8636-ac7289478956} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
IMEO\rstrui.exe: [Debugger] r_.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB5AD1FAD7B2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "localhost"
FF NetworkProxy: "backup.ftp", "83.216.166.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "83.216.166.21"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "83.216.166.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "83.216.166.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\leo.xml
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\ich@maltegoetz.de
FF Extension: Pocket - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\isreaditlater@ideashower.com
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\temp
FF Extension: PDF Download - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF Extension: HTLiveSight - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{469b7d40-de9a-11e0-9572-0800200c9a66}
FF Extension: FEBE - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: All-in-One Gestures - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: FoxTrick - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF Extension: DownloadHelper - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DeviantCopyPaste - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{d5e41cd-997d-135b-2aa5-7e5c952d427}
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\Extensions.rdf
FF Extension: firefox - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\installed-extensions.txt
FF Extension: secureLogin - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\secureLogin@blueimp.net.xpi
FF Extension: spam - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\spam@trashmail.net.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
==================== Services (Whitelisted) =================
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
==================== Drivers (Whitelisted) ====================
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-22] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-09-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 ASUSProcObsrv; \??\Z:\I386\AsPrOb64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-13 12:48 - 2013-10-13 12:48 - 00000000 ____D C:\FRST
2013-10-13 12:46 - 2013-10-13 12:46 - 00000000 _____ C:\Users\snick\defogger_reenable
2013-10-13 10:54 - 2013-10-13 10:56 - 00000336 _____ C:\Windows\setupact.log
2013-10-13 10:54 - 2013-10-13 10:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 00:40 - 2013-10-13 12:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 00:40 - 2013-10-13 00:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-13 00:40 - 2013-10-13 00:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-13 00:40 - 2013-10-13 00:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 18:10 - 2013-10-11 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 17:08 - 2013-10-11 17:08 - 00052199 _____ C:\Users\snick\Desktop\Garderobe.skp
2013-10-11 16:49 - 2013-10-11 16:49 - 00000837 _____ C:\Users\snick\AppData\Local\recently-used.xbel
2013-10-11 07:21 - 2013-10-11 07:21 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-10 17:27 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 17:27 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 17:27 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 17:27 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 17:27 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 17:27 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 17:27 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:38 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:38 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:38 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:38 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:38 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:38 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:38 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:38 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:38 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:38 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:38 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:38 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:38 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:38 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:38 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:38 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:38 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:38 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:38 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:38 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:38 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:38 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:38 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:38 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:38 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:38 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:38 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:38 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:38 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:38 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:38 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:38 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:38 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:38 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:38 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:38 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:38 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:38 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:37 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:37 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:51 - 2013-10-12 19:08 - 00000000 __SHD C:\ProgramData\Windows Update Service0
2013-10-08 18:51 - 2013-10-09 17:28 - 00003298 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x1FE004EA
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\snick\AppData\Local\MPlayer
2013-10-06 14:14 - 2013-10-06 14:15 - 00000000 ____D C:\Users\snick\AppData\Local\Alt.Binz
2013-10-06 14:14 - 2013-10-06 14:14 - 00000000 ____D C:\Program Files (x86)\Alt.Binz
2013-10-03 11:07 - 2013-10-03 11:13 - 00000000 ____D C:\Users\snick\Documents\Battlefield 4
2013-10-02 20:30 - 2013-10-02 20:30 - 00000921 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 20:30 - 2013-10-02 20:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 19:54 - 2013-10-07 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 14:18 - 2013-10-06 15:16 - 00000000 ____D C:\Users\snick\Desktop\diverse Fotos
2013-09-21 01:12 - 2013-09-29 14:16 - 00000000 ____D C:\Users\snick\Desktop\Bauch
2013-09-20 23:25 - 2013-09-20 23:25 - 00000000 ____D C:\Users\snick\Documents\Egosoft
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\system32\NV
2013-09-20 22:58 - 2013-09-22 17:18 - 00022528 _____ C:\Users\snick\Desktop\Auto.xls
2013-09-20 19:20 - 2013-09-20 19:20 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 19:17 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-20 19:17 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2013-09-20 19:17 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-09-20 19:17 - 2013-06-16 14:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-20 19:17 - 2013-06-16 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-13 15:36 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 15:36 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 15:36 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 15:36 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 15:36 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 15:36 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 15:36 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 15:36 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 15:36 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 15:36 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 15:36 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 15:36 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
==================== One Month Modified Files and Folders =======
2013-10-13 12:48 - 2013-10-13 12:48 - 00000000 ____D C:\FRST
2013-10-13 12:46 - 2013-10-13 12:46 - 00000000 _____ C:\Users\snick\defogger_reenable
2013-10-13 12:46 - 2012-05-11 18:48 - 00000000 ____D C:\Users\snick
2013-10-13 12:23 - 2012-10-29 22:13 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-13 12:20 - 2013-08-25 16:55 - 00000000 ____D C:\Users\snick\AppData\Roaming\Skype
2013-10-13 12:11 - 2013-10-13 00:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 11:22 - 2013-01-27 12:44 - 01207555 _____ C:\Windows\WindowsUpdate.log
2013-10-13 11:02 - 2009-07-14 06:45 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 11:02 - 2009-07-14 06:45 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 11:01 - 2009-07-14 19:58 - 02501706 _____ C:\Windows\system32\perfh007.dat
2013-10-13 11:01 - 2009-07-14 19:58 - 00726138 _____ C:\Windows\system32\perfc007.dat
2013-10-13 11:01 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 10:57 - 2013-06-15 12:22 - 00000000 ____D C:\Users\snick\AppData\Roaming\Winamp
2013-10-13 10:56 - 2013-10-13 10:54 - 00000336 _____ C:\Windows\setupact.log
2013-10-13 10:55 - 2013-03-15 20:49 - 00000326 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-10-13 10:55 - 2012-10-29 22:13 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 10:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 10:54 - 2013-10-13 10:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 10:54 - 2012-05-13 01:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-13 01:29 - 2012-05-12 16:12 - 00000000 ____D C:\Users\snick\AppData\Roaming\vlc
2013-10-13 00:40 - 2013-10-13 00:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-13 00:40 - 2013-10-13 00:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-13 00:40 - 2013-10-13 00:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-13 00:06 - 2012-05-11 19:40 - 00000000 ____D C:\Windows\Panther
2013-10-12 19:08 - 2013-10-08 18:51 - 00000000 __SHD C:\ProgramData\Windows Update Service0
2013-10-11 21:30 - 2012-05-11 18:48 - 00000000 ___RD C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 21:29 - 2012-06-23 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 21:29 - 2012-05-13 09:52 - 00000000 ____D C:\Users\snick\AppData\Roaming\Dropbox
2013-10-11 18:20 - 2012-05-12 20:51 - 00000000 ____D C:\Users\snick\Documents\WISO Mein Geld
2013-10-11 18:14 - 2013-10-11 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 17:08 - 2013-10-11 17:08 - 00052199 _____ C:\Users\snick\Desktop\Garderobe.skp
2013-10-11 17:08 - 2013-01-20 15:25 - 00000000 ____D C:\Users\snick\.gimp-2.8
2013-10-11 17:04 - 2013-04-26 06:58 - 00000000 ____D C:\Users\snick\Desktop\Wohnung
2013-10-11 16:49 - 2013-10-11 16:49 - 00000837 _____ C:\Users\snick\AppData\Local\recently-used.xbel
2013-10-11 07:21 - 2013-10-11 07:21 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-11 07:21 - 2012-10-07 17:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-11 07:21 - 2012-10-07 17:25 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-11 07:18 - 2012-10-29 22:13 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 07:18 - 2012-10-29 22:13 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 18:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 17:45 - 2009-07-14 06:45 - 00289544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 17:44 - 2012-09-25 21:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 17:44 - 2012-09-25 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 17:24 - 2013-07-14 16:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 17:22 - 2012-05-15 17:52 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 17:21 - 2012-05-11 23:11 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-10 17:21 - 2012-05-11 23:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 17:21 - 2012-05-11 23:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-09 19:01 - 2013-08-24 11:23 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-09 19:01 - 2013-08-24 09:12 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-09 19:01 - 2013-08-24 09:12 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-09 17:28 - 2013-10-08 18:51 - 00003298 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x1FE004EA
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\snick\AppData\Local\MPlayer
2013-10-07 20:57 - 2013-10-02 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-07 19:10 - 2012-05-22 07:51 - 00000000 ____D C:\Users\snick\AppData\Roaming\DAEMON Tools Lite
2013-10-06 15:16 - 2013-09-29 14:18 - 00000000 ____D C:\Users\snick\Desktop\diverse Fotos
2013-10-06 14:15 - 2013-10-06 14:14 - 00000000 ____D C:\Users\snick\AppData\Local\Alt.Binz
2013-10-06 14:14 - 2013-10-06 14:14 - 00000000 ____D C:\Program Files (x86)\Alt.Binz
2013-10-03 11:13 - 2013-10-03 11:07 - 00000000 ____D C:\Users\snick\Documents\Battlefield 4
2013-10-03 11:07 - 2013-08-24 11:22 - 00000000 ____D C:\Users\snick\AppData\Local\PunkBuster
2013-10-03 09:56 - 2012-05-11 23:41 - 00000000 ____D C:\Users\snick\AppData\Local\Mozilla
2013-10-02 20:30 - 2013-10-02 20:30 - 00000921 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 20:30 - 2013-10-02 20:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 20:30 - 2013-08-24 09:12 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-30 21:36 - 2013-08-24 11:22 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-29 14:16 - 2013-09-21 01:12 - 00000000 ____D C:\Users\snick\Desktop\Bauch
2013-09-29 14:03 - 2012-05-12 13:17 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-28 01:00 - 2012-05-12 12:53 - 00000000 ____D C:\Users\snick\Documents\OpenTTD
2013-09-23 01:28 - 2013-10-10 17:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-10 17:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-10 17:27 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 17:18 - 2013-09-20 22:58 - 00022528 _____ C:\Users\snick\Desktop\Auto.xls
2013-09-21 05:38 - 2013-10-10 17:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-10 17:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-10 17:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-10 17:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 23:25 - 2013-09-20 23:25 - 00000000 ____D C:\Users\snick\Documents\Egosoft
2013-09-20 23:13 - 2012-09-23 02:29 - 00000000 ____D C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\system32\NV
2013-09-20 19:20 - 2013-09-20 19:20 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 19:20 - 2012-05-13 01:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-18 10:21 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-14 11:07 - 2012-05-11 18:48 - 00000000 ___RD C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 03:10 - 2013-10-09 17:38 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
Some content of TEMP:
====================
C:\Users\snick\AppData\Local\Temp\fp_pl_pfs_installer.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-03 10:13
==================== End Of Log ============================
|
|
13.10.2013, 12:15
| #2 |
| | Windows 7: Absturz Flashplayer / IP BlacklistedCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by snick at 2013-10-13 12:48:45
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.4)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.6)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6)
Alt.Binz 0.39.4 (x32 Version: 0.39.4)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.6.3.0)
Assetto Corsa - Technology Preview Version 0.9.9 (x32 Version: 0.9.9)
ATK Package (x32 Version: 1.0.0018)
Atom Zombie Smasher (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlefield 4™ Beta (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
BattlEye for OA Uninstall (x32)
Blobby Volley 2 Version 1.0RC1 (x32)
Braid (x32)
BufferChm (x32 Version: 140.0.212.000)
C410 (x32 Version: 140.0.273.000)
CCleaner (Version: 4.05)
Company of Heroes (x32 Version: 1.0.0.78)
Company of Heroes (x32)
Company of Heroes: Opposing Fronts (x32)
Company of Heroes: Tales of Valor (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Counter-Strike: Source (x32)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Dear Esther (x32)
Defense Grid: The Awakening (x32)
Democracy 2 (x32)
Deponia (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DocProc (x32 Version: 140.0.99.000)
Don't Starve (x32)
Dota 2 (x32)
Dota 2 Test (x32)
Dropbox (HKCU Version: 2.0.22)
ElsterFormular (x32 Version: 14.3.11574)
ESN Sonar (x32 Version: 0.70.4)
F1 2012 (x32)
Faster Than Light (x32)
Fax (x32 Version: 140.0.212.000)
FIFA 13 version 5.1 (x32 Version: 5.1)
FlatOut2 (x32 Version: 1.00.0000)
Free YouTube to MP3 Converter version 3.12.9.725 (x32 Version: 3.12.9.725)
FTL: Faster Than Light (x32)
GeForce Experience NvStream Client Components (Version: 0.1.87)
GIMP 2.8.2 (Version: 2.8.2)
Glary Utilities 2.53.0.1726 (x32 Version: 2.53.0.1726)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.211.000)
Gratuitous Space Battles (x32)
Gratuitous Tank Battles (x32)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Solution Center 14.0 (Version: 14.0)
HP Unified IO (Version: 2.0.0.399)
HP Unified IO (x32 Version: 2.0.0.399)
HP Update (x32 Version: 5.002.002.002)
HPAppStudio (x32 Version: 140.0.95.000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.01.1000)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Kerbal Space Program (x32)
LIMBO (x32)
Logitech Gaming Software 8.40 (Version: 8.40.83)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte (x32 Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 de) (x32 Version: 24.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
NBA 2K13 (x32)
Network64 (Version: 140.0.215.000)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA Optimus 8.3.14 (Version: 8.3.14)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Origin (x32 Version: 9.3.1.4482)
Picasa 3 (x32 Version: 3.9)
Populous (x32 Version: 1.0.0.0)
Pro Evolution Soccer 2013 version 5.1 (x32 Version: 5.1)
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000)
PunkBuster Services (x32 Version: 0.993)
QuickTransfer (x32 Version: 140.0.98.000)
RaceRoom Racing Experience (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6410)
Reus (x32)
Scan (x32 Version: 140.0.80.000)
SES Driver (Version: 1.0.0)
SHIELD Streaming (Version: 1.05.28)
Sid Meier's Civilization V (x32)
Six Updater (x32 Version: 2.09.7016)
SketchUp 8 (x32 Version: 3.0.16944)
Skype™ 6.7 (x32 Version: 6.7.102)
SolutionCenter (x32 Version: 140.0.214.000)
SonicMaster (x32 Version: 1.0.0.4)
Status (x32 Version: 140.0.256.000)
Steam (x32 Version: 1.0.0.0)
Supreme Commander 2 (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
System Requirements Lab CYRI (64-bit) (Version: 4.5.1.0)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
System Requirements Lab for Intel (x32 Version: 4.5.15.0)
TeamSpeak 3 Client (HKCU Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.20202)
The Bridge (x32)
The Swapper (x32)
Toolbox (x32 Version: 140.0.428.000)
TrackMania² Stadium Open Beta (x32)
TrayApp (x32 Version: 140.0.212.000)
Trials Evolution Gold Edition (x32)
Trine 2 (x32)
Tropico 4 (x32)
TrueCrypt (x32 Version: 7.1a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Uplay (x32 Version: 2.0)
VLC media player 2.1.0 (x32 Version: 2.1.0)
WebReg (x32 Version: 140.0.212.017)
Winamp (x32 Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0)
WISO Mein Geld 2013 Professional (x32 Version: 15.0.0.1)
World of Goo (x32)
World of Tanks (x32)
X3: Albion Prelude (x32)
X3: Reunion (x32)
X3: Terran Conflict (x32)
==================== Restore Points =========================
24-09-2013 20:40:43 Windows Update
28-09-2013 22:59:17 Windows Update
02-10-2013 18:29:21 DirectX wurde installiert
02-10-2013 18:30:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
03-10-2013 07:59:40 Windows Update
06-10-2013 08:29:07 Windows Update
09-10-2013 15:38:35 Windows Update
10-10-2013 15:20:37 Windows Update
11-10-2013 05:21:14 Installed Java 7 Update 40 (64-bit)
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-01-20 20:22 - 00002385 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 ereg.wip3.adobe.com
There are 21 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {1CF9FB6A-1C16-48A3-A091-A84DB571AC06} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {220AFB4E-81C4-465D-8F92-A8B4372D604E} - System32\Tasks\Windows Update Check - 0x1FE004EA => C:\ProgramData\Windows
Task: {255646FA-B521-4585-A65D-DE719E3A7B12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29] (Google Inc.)
Task: {386AEA6B-A62A-4EA0-8E45-98564B42DEF8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-05-02] (ASUSTek Computer Inc.)
Task: {9479A67E-D98D-4554-B843-2CEF91708412} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29] (Google Inc.)
Task: {99376FC4-A69D-4624-BCBC-88F2D142A1F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-13] (Adobe Systems Incorporated)
Task: {A761ACA2-7A2F-4ECE-8E07-9BDC85B038AE} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-02-04] (Glarysoft Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-05-11 23:29 - 2011-04-10 04:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () S:\Steam\SDL2.dll
2012-05-12 23:59 - 2013-10-09 04:19 - 01121704 _____ () S:\Steam\bin\chromehtml.DLL
2012-05-12 23:59 - 2013-09-11 00:20 - 20625832 _____ () S:\Steam\bin\libcef.dll
2012-05-12 23:59 - 2013-06-15 01:49 - 01100800 _____ () S:\Steam\bin\avcodec-53.dll
2012-05-12 23:59 - 2013-06-15 01:49 - 00124416 _____ () S:\Steam\bin\avutil-51.dll
2012-05-12 23:59 - 2013-06-15 01:49 - 00192000 _____ () S:\Steam\bin\avformat-53.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00064512 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2013-10-13 10:57 - 2013-10-13 10:57 - 00010752 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\auth.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00069120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\burnlib.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00013824 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\dsp_sps.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006656 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_fhgaac.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_flac.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005632 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_lame.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_vorbis.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_wav.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006144 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_wma.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00023552 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_classicart.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00007168 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_crasher.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00023040 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_ff.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_find_on_disk.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00011776 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_hotkeys.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00041984 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_jumpex.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00041984 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_jumpex_original.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00021504 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_ml.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00009728 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_nopro.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00007168 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_orgler.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00014848 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_play_remove.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00011776 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_skinmanager.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00010240 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_timerestore.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00008192 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_tray.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00010752 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_undo.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_avi.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00014336 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_cdda.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006656 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_dshow.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005632 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_flac.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_flv.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_linein.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00020480 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_midi.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004608 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mkv.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00018944 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mod.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00023040 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mp3.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mp4.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00011776 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_nsv.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_swf.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00011264 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_vorbis.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006656 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wav.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005632 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wave.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00015360 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wm.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004608 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wv.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_addons.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006656 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_autotag.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_bookmarks.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00008704 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_devices.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00047616 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_disc.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00009728 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_downloads.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004608 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_enqplay.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00008704 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_history.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_impex.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00056320 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_local.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_nowplaying.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00014336 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_online.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_orb.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00012800 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_playlists.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00034816 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_plg.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00047104 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_pmp.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00005120 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_rg.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00008192 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_transcode.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00014848 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_wire.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00036352 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ombrowser.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006144 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_disk.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00016384 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_ds.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00007680 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_wave.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003072 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\playlist.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004608 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_activesync.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00020480 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_android.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00036864 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_ipod.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00003584 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_njb.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_p4s.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00011776 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_usb.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00039424 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_wifi.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00006144 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\tagz.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00088064 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_avs.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00156160 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_milk2.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00007680 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_nsfs.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00206336 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\winamp.lng
2013-10-13 10:57 - 2013-10-13 10:57 - 00004096 _____ () C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\winampa.lng
2012-06-20 18:14 - 2013-06-15 12:23 - 00023552 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00087552 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00091136 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2012-06-20 18:14 - 2013-06-15 12:23 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00164864 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00290816 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-06-20 18:14 - 2013-06-15 12:23 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2011-11-11 00:10 - 2013-06-15 12:23 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00318976 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00294912 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00201728 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2012-06-20 18:14 - 2013-06-15 12:23 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2013-10-11 18:10 - 2013-10-11 18:10 - 03008112 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-11 18:10 - 2013-10-11 18:10 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-11 18:10 - 2013-10-11 18:10 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-10-02 19:54 - 2013-10-02 19:55 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-13 00:40 - 2013-10-13 00:40 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart Prem C410 series
Description: Photosmart Prem C410 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/13/2013 00:04:14 AM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.7.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1110
Startzeit: 01cec76daae3fe7a
Endzeit: 7
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID: 2e0a9d32-338a-11e3-9e02-ac7289478956
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (10/13/2013 11:08:28 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.1988.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.3.0219.00
Quellpfad: 4.3.0219.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (10/11/2013 09:41:41 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.1898.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.3.0219.00
Quellpfad: 4.3.0219.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (10/11/2013 06:17:30 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (10/08/2013 05:17:05 PM) (Source: DCOM) (User: )
Description: {AD1B0A76-DBB2-45C2-8403-45B8DD7FD503}
Error: (10/08/2013 05:16:29 PM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
Error: (10/07/2013 11:35:40 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (10/07/2013 10:52:01 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.1551.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.3.0215.00
Quellpfad: 4.3.0215.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (10/07/2013 10:52:01 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.1551.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.3.0215.00
Quellpfad: 4.3.0215.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (10/06/2013 11:02:47 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (09/29/2013 00:46:12 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 29.09.2013 um 00:25:14 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (10/13/2013 11:01:06 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (10/13/2013 00:04:14 AM) (Source: Application Hang)(User: )
Description: Skype.exe6.7.0.102111001cec76daae3fe7a7C:\Program Files (x86)\Skype\Phone\Skype.exe2e0a9d32-338a-11e3-9e02-ac7289478956
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (10/12/2013 07:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (10/11/2013 09:56:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 8102.06 MB
Available physical RAM: 3794.91 MB
Total Pagefile: 16202.3 MB
Available Pagefile: 11995.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (System & Programme) (Fixed) (Total:119.24 GB) (Free:50.25 GB) NTFS
Drive d: (Datenhalde) (Fixed) (Total:390.62 GB) (Free:15.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive s: (Spiele) (Fixed) (Total:283.01 GB) (Free:30.59 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 1B0CAB94)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-13 12:59:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 OCZ-VERT rev.1.3_ 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\snick\AppData\Local\Temp\pxriqaod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033fa000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033fa040 1 byte [0F]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcd7490 11 bytes JMP 000007fffd860228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdcebf00 7 bytes JMP 000007fffd860260
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072921a22 2 bytes [92, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072921ad0 2 bytes [92, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072921b08 2 bytes [92, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072921bba 2 bytes [92, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072921bda 2 bytes [92, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75]
.text ... * 2
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8122460 5 bytes JMP 000007fefd8602d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3852] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef81596b0 6 bytes JMP 000007fefd860298
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcd7490 11 bytes JMP 000007fffd860228
.text C:\Windows\system32\taskeng.exe[3916] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdcebf00 7 bytes JMP 000007fffd860260
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef690dc88 5 bytes JMP 000007fff68e00d8
.text C:\Windows\system32\Dwm.exe[3944] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef690de10 5 bytes JMP 000007fff68e0110
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4080] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\Logitech Gaming Software\LCore.exe[3836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcd7490 11 bytes JMP 000007fffd860228
.text C:\Windows\System32\igfxpers.exe[1536] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdcebf00 7 bytes JMP 000007fffd860260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4144] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe[3648] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007778af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077794a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007781a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd872db0 5 bytes JMP 000007fffd860180
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8737d0 7 bytes JMP 000007fffd8600d8
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd878ef0 6 bytes JMP 000007fffd860148
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88af60 5 bytes JMP 000007fffd860110
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffc489e0 8 bytes JMP 000007fffd8601f0
.text C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffc4be40 8 bytes JMP 000007fffd8601b8
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a01eee 7 bytes JMP 00000001717b168b
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a05b85 7 bytes JMP 00000001717b11a4
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a113e1 7 bytes JMP 00000001717b1280
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a1ea0d 7 bytes JMP 00000001717b123a
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a2b1d3 5 bytes JMP 00000001717b15a0
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075aa88b4 7 bytes JMP 00000001717b132f
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075aa8939 5 bytes JMP 00000001717b16cc
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075aa8c8f 5 bytes JMP 00000001717b1703
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757a1d1b 5 bytes JMP 00000001717b11bd
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757a1dc9 5 bytes JMP 00000001717b1014
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757a2aa4 5 bytes JMP 00000001717b154b
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757a2d0a 5 bytes JMP 00000001717b1267
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c2e9a2 5 bytes JMP 00000001717b15b9
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c2ebdc 5 bytes JMP 00000001717b1181
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 00000001717b171c
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001717b10a0
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b3e567 5 bytes JMP 00000001717b140b
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b77a5c 5 bytes JMP 00000001717b15c8
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075f35ea5 5 bytes JMP 00000001717b15f0
.text D:\Downloads\gmer_2.1.19163.exe[1624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f69d0b 5 bytes JMP 00000001717b1217
---- Processes - GMER 2.1 ----
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\auth.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000010000000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\burnlib.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 00000000002d0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\dsp_sps.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000000260000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_fhgaac.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000000340000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_flac.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000000350000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_lame.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 00000000003e0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_vorbis.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 00000000003f0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_wav.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 00000000007d0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\enc_wma.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002700000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_classicart.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002710000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_crasher.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002be0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_ff.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002bf0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_find_on_disk.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c00000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_hotkeys.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c10000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_jumpex.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c20000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_jumpex_original.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c30000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_ml.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c40000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_nopro.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c50000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_orgler.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c60000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_play_remove.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c70000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_skinmanager.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c80000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_timerestore.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002c90000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_tray.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ca0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\gen_undo.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002cb0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_avi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002cc0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_cdda.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002cd0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_dshow.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ce0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_flac.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002cf0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_flv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d00000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_linein.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d10000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_midi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d20000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mkv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d30000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mod.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d40000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mp3.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d50000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_mp4.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d60000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_nsv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d70000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_swf.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d80000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_vorbis.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002d90000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wav.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002da0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wave.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002db0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wm.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002dc0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\in_wv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002dd0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_addons.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002de0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_autotag.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002df0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_bookmarks.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e00000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_devices.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e10000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_disc.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e20000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_downloads.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e30000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_enqplay.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e40000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_history.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e50000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_impex.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e60000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_local.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e70000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_nowplaying.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002e90000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_online.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ea0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_orb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002eb0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_playlists.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ec0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_plg.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ed0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_pmp.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ee0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_rg.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ef0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_transcode.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f00000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ml_wire.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f10000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\ombrowser.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f20000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_disk.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f30000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_ds.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f40000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\out_wave.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f50000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\playlist.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f60000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_activesync.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f70000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_android.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f80000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_ipod.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002f90000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_njb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002fa0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_p4s.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002fb0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_usb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002fc0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\pmp_wifi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002fd0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\tagz.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002fe0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_avs.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000002ff0000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_milk2.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000003010000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\vis_nsfs.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000003040000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\winamp.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000003050000
Library C:\Users\snick\AppData\Local\Temp\WLZ9E31.tmp\winampa.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [3484] 0000000003090000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289478956
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289478956 (not active ControlSet)
---- EOF - GMER 2.1 ----
|
|
16.10.2013, 18:47
| #3 |
| /// Helfer-Team  | Windows 7: Absturz Flashplayer / IP Blacklisted Scan mit Combofix
__________________ |
|
16.10.2013, 19:30
| #4 |
| | Windows 7: Absturz Flashplayer / IP BlacklistedCode:
ATTFilter ComboFix 13-10-15.02 - snick 16.10.2013 20:20:16.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8102.5185 [GMT 2:00]
ausgeführt von:: c:\users\snick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\TEMP\jna899470096647569711.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-09-16 bis 2013-10-16 ))))))))))))))))))))))))))))))
.
.
2013-10-16 18:23 . 2013-10-16 18:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-16 18:23 . 2013-10-16 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-15 20:28 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4647F0C8-B4C8-4D8C-A828-6C02BD47BFEB}\mpengine.dll
2013-10-14 20:19 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-13 19:45 . 2013-10-16 15:11 -------- d-----w- c:\programdata\PMS
2013-10-13 19:45 . 2013-10-15 20:16 -------- d-----w- c:\program files (x86)\PS3 Media Server
2013-10-13 10:48 . 2013-10-13 10:48 -------- d-----w- C:\FRST
2013-10-12 22:40 . 2013-10-12 22:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 22:40 . 2013-10-12 22:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-11 16:10 . 2013-10-11 16:14 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-10-11 05:21 . 2013-10-11 05:21 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-11 05:21 . 2013-10-11 05:21 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-11 05:21 . 2013-10-11 05:21 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-11 05:21 . 2013-10-11 05:21 189352 ----a-w- c:\windows\system32\java.exe
2013-10-09 15:38 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 15:37 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 15:37 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 15:37 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 15:37 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 15:37 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 15:37 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 15:37 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 15:37 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 15:37 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-09 15:37 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-08 16:51 . 2013-10-12 17:08 -------- d-sh--w- c:\programdata\Windows Update Service0
2013-10-08 16:46 . 2013-10-08 16:46 -------- d-----w- c:\users\snick\AppData\Local\MPlayer
2013-10-06 12:14 . 2013-10-06 12:15 -------- d-----w- c:\users\snick\AppData\Local\Alt.Binz
2013-10-06 12:14 . 2013-10-06 12:14 -------- d-----w- c:\program files (x86)\Alt.Binz
2013-10-02 18:30 . 2013-10-02 18:30 -------- d-----w- c:\programdata\Package Cache
2013-09-20 21:00 . 2013-09-20 21:00 -------- d-----w- c:\windows\SysWow64\NV
2013-09-20 21:00 . 2013-09-20 21:00 -------- d-----w- c:\windows\system32\NV
2013-09-20 17:20 . 2013-09-20 17:20 -------- d-----w- c:\program files (x86)\AGEIA Technologies
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 17:44 . 2013-08-24 09:23 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-16 17:44 . 2013-08-24 07:12 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-16 17:43 . 2013-08-24 07:12 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-11 05:21 . 2012-10-07 15:25 973736 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-11 05:21 . 2012-10-07 15:25 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-10 15:22 . 2012-05-15 15:52 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-02 18:30 . 2013-08-24 07:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-12 08:58 . 2013-07-31 04:53 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2012-10-27 21:31 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2012-05-12 23:00 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2012-05-12 23:00 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2012-05-12 23:00 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-12 08:58 . 2012-05-12 23:00 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-12 08:58 . 2012-05-12 23:00 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2012-05-12 23:00 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-12 07:25 . 2012-05-12 23:01 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2012-05-12 23:01 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2012-05-12 23:01 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2012-05-12 23:01 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-09-12 07:25 . 2012-05-12 23:01 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2012-05-12 23:01 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2012-05-12 23:01 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 07:25 . 2012-05-12 23:01 1042208 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:06 . 2012-05-12 23:01 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-05 21:20 . 2013-09-05 21:20 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{684E37A7-4B73-4983-B97A-6730EC0202C0}\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 15:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-22 20:22 . 2012-06-13 15:08 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-20 13:33 . 2013-08-29 18:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-20 13:32 . 2013-08-29 18:33 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-20 13:32 . 2013-08-29 18:33 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-05 02:25 . 2013-09-13 13:36 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-13 13:36 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-13 13:36 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-13 13:36 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-13 13:36 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-13 13:36 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-13 13:36 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-13 13:36 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-13 13:36 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-13 13:36 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-13 13:36 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-13 13:36 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 13:36 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 13:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 13:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-13 13:36 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-13 13:36 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 05:02 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="s:\steam\steam.exe" [2013-10-09 1813928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
c:\users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\snick\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;z:\i386\AsPrOb64.sys;z:\i386\AsPrOb64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 22:40]
.
2013-10-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-03-15 14:58]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 20:13]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 20:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\snick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-16 20:25:31
ComboFix-quarantined-files.txt 2013-10-16 18:25
.
Vor Suchlauf: 8 Verzeichnis(se), 52.874.334.208 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 52.810.665.984 Bytes frei
.
- - End Of File - - 80034B1E580510A95109D44B4B879F78
|
|
20.10.2013, 08:13
| #5 |
| /// Helfer-Team | Windows 7: Absturz Flashplayer / IP Blacklisted Gut. Downloade Dir bitte  Malwarebytes Anti-Malware
dann: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
dann: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
20.10.2013, 09:12
| #6 |
| | Windows 7: Absturz Flashplayer / IP Blacklisted Moin t'john, schonmal vielen Dank für deine Hilfe, hier sind wie gefordert die Logfiles: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.20.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 snick :: SNICKSNICK [Administrator] 20.10.2013 09:58:12 mbam-log-2013-10-20 (09-58-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 229011 Laufzeit: 1 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\snick\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.009 - Bericht erstellt am 20/10/2013 um 10:05:27
# Updated 19/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : snick - SNICKSNICK
# Gestartet von : C:\Users\snick\Desktop\AdwCleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\foxydeal.sqlite
Ordner Gefunden C:\ProgramData\boost_interprocess
Ordner Gefunden C:\Users\snick\AppData\Roaming\dvdvideosoftiehelpers
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\prefs.js ]
Zeile gefunden : user_pref("foxgame.userprefs.foxgameDeltaTime-uni56.ogame.de", "117296");
*************************
AdwCleaner[R0].txt - [1236 octets] - [20/10/2013 10:05:27]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1296 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by snick (administrator) on SNICKSNICK on 20-10-2013 10:09:42
Running from C:\Users\snick\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files (x86)\PS3 Media Server\jre64\bin\java.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) S:\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\snick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Steam] - S:\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\snick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB5AD1FAD7B2CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM {AEA3991E-3109-4C98-989E-33994FEB1A91} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "localhost"
FF NetworkProxy: "backup.ftp", "83.216.166.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.gopher", "83.216.166.21"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "83.216.166.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "83.216.166.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\leo.xml
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\ich@maltegoetz.de
FF Extension: Pocket - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\isreaditlater@ideashower.com
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\temp
FF Extension: PDF Download - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF Extension: HTLiveSight - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{469b7d40-de9a-11e0-9572-0800200c9a66}
FF Extension: FEBE - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: All-in-One Gestures - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: FoxTrick - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF Extension: DownloadHelper - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DeviantCopyPaste - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{d5e41cd-997d-135b-2aa5-7e5c952d427}
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\Extensions.rdf
FF Extension: firefox - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\installed-extensions.txt
FF Extension: secureLogin - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\secureLogin@blueimp.net.xpi
FF Extension: spam - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\spam@trashmail.net.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\snick\AppData\Roaming\Mozilla\Firefox\Profiles\9emip29u.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
==================== Services (Whitelisted) =================
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-02] ()
R2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [384280 2012-11-27] (Tanuki Software, Ltd.)
==================== Drivers (Whitelisted) ====================
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-22] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-09-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ASUSProcObsrv; \??\Z:\I386\AsPrOb64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-20 10:07 - 2013-10-20 10:07 - 01954548 _____ (Farbar) C:\Users\snick\Desktop\FRST64.exe
2013-10-20 10:06 - 2013-10-20 10:06 - 00001376 _____ C:\Users\snick\Desktop\AdwCleaner[R0].txt
2013-10-20 10:05 - 2013-10-20 10:05 - 00000000 ____D C:\AdwCleaner
2013-10-20 10:03 - 2013-10-20 10:03 - 01056666 _____ C:\Users\snick\Desktop\AdwCleaner.exe
2013-10-20 09:56 - 2013-10-20 09:56 - 00000000 ____D C:\Users\snick\AppData\Roaming\Malwarebytes
2013-10-20 09:55 - 2013-10-20 09:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 09:55 - 2013-10-20 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 09:55 - 2013-10-20 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-19 14:51 - 2013-10-19 14:51 - 00002211 _____ C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2013-10-19 14:51 - 2013-10-19 14:51 - 00000000 ____D C:\Users\snick\AppData\Local\Synology
2013-10-19 14:51 - 2013-10-19 14:51 - 00000000 ____D C:\Program Files (x86)\Synology
2013-10-17 18:43 - 2013-10-20 10:04 - 00000952 _____ C:\Windows\PFRO.log
2013-10-16 20:25 - 2013-10-16 20:25 - 00026150 _____ C:\ComboFix.txt
2013-10-16 20:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-16 20:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-16 20:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-16 20:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-16 20:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-16 20:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-16 20:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-16 20:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-16 20:17 - 2013-10-16 20:25 - 00000000 ____D C:\Qoobox
2013-10-16 20:17 - 2013-10-16 20:23 - 00000000 ____D C:\Windows\erdnt
2013-10-16 20:16 - 2013-10-16 20:16 - 05133109 ____R (Swearware) C:\Users\snick\Desktop\ComboFix.exe
2013-10-13 21:45 - 2013-10-20 10:04 - 00000000 ____D C:\ProgramData\PMS
2013-10-13 21:45 - 2013-10-15 22:16 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-10-13 13:07 - 2013-10-13 13:07 - 1401176627 _____ C:\Windows\MEMORY.DMP
2013-10-13 13:07 - 2013-10-13 13:07 - 00287768 _____ C:\Windows\Minidump\101313-7956-01.dmp
2013-10-13 12:59 - 2013-10-13 12:59 - 00063830 _____ C:\Users\snick\Desktop\gmer.log
2013-10-13 12:48 - 2013-10-13 12:48 - 00000000 ____D C:\FRST
2013-10-13 12:46 - 2013-10-13 12:51 - 00000472 _____ C:\Users\snick\Desktop\defogger_disable.log
2013-10-13 12:46 - 2013-10-13 12:46 - 00000000 _____ C:\Users\snick\defogger_reenable
2013-10-13 10:54 - 2013-10-20 10:04 - 00003472 _____ C:\Windows\setupact.log
2013-10-13 10:54 - 2013-10-13 10:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 00:40 - 2013-10-19 19:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 00:40 - 2013-10-13 00:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-13 00:40 - 2013-10-13 00:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-13 00:40 - 2013-10-13 00:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 18:10 - 2013-10-11 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 17:08 - 2013-10-11 17:08 - 00052199 _____ C:\Users\snick\Desktop\Garderobe.skp
2013-10-11 16:49 - 2013-10-11 16:49 - 00000837 _____ C:\Users\snick\AppData\Local\recently-used.xbel
2013-10-11 07:21 - 2013-10-11 07:21 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-10 17:27 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 17:27 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 17:27 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 17:27 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 17:27 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 17:27 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 17:27 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 17:27 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 17:27 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 17:27 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:38 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:38 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:38 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:38 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:38 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:38 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:38 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:38 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:38 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:38 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:38 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:38 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:38 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:38 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:38 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:38 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:38 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:38 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:38 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:38 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:38 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:38 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:38 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:38 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:38 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:38 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:38 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:38 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:38 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:38 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:38 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:38 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:38 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:38 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:38 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:38 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:38 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:38 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:37 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:37 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:37 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:51 - 2013-10-12 19:08 - 00000000 __SHD C:\ProgramData\Windows Update Service0
2013-10-08 18:51 - 2013-10-09 17:28 - 00003298 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x1FE004EA
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\snick\AppData\Local\MPlayer
2013-10-06 14:14 - 2013-10-06 14:15 - 00000000 ____D C:\Users\snick\AppData\Local\Alt.Binz
2013-10-06 14:14 - 2013-10-06 14:14 - 00000000 ____D C:\Program Files (x86)\Alt.Binz
2013-10-03 11:07 - 2013-10-03 11:13 - 00000000 ____D C:\Users\snick\Documents\Battlefield 4
2013-10-02 20:30 - 2013-10-02 20:30 - 00000921 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 20:30 - 2013-10-02 20:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 19:54 - 2013-10-07 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 14:18 - 2013-10-13 21:09 - 00000000 ____D C:\Users\snick\Desktop\diverse Fotos
2013-09-21 01:12 - 2013-09-29 14:16 - 00000000 ____D C:\Users\snick\Desktop\Bauch
2013-09-20 23:25 - 2013-09-20 23:25 - 00000000 ____D C:\Users\snick\Documents\Egosoft
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\system32\NV
2013-09-20 22:58 - 2013-09-22 17:18 - 00022528 _____ C:\Users\snick\Desktop\Auto.xls
2013-09-20 19:20 - 2013-09-20 19:20 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 19:17 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-20 19:17 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2013-09-20 19:17 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-20 19:17 - 2013-09-12 10:58 - 00032032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-09-20 19:17 - 2013-06-16 14:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-20 19:17 - 2013-06-16 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
==================== One Month Modified Files and Folders =======
2013-10-20 10:07 - 2013-10-20 10:07 - 01954548 _____ (Farbar) C:\Users\snick\Desktop\FRST64.exe
2013-10-20 10:07 - 2013-01-27 12:44 - 01496657 _____ C:\Windows\WindowsUpdate.log
2013-10-20 10:06 - 2013-10-20 10:06 - 00001376 _____ C:\Users\snick\Desktop\AdwCleaner[R0].txt
2013-10-20 10:05 - 2013-10-20 10:05 - 00000000 ____D C:\AdwCleaner
2013-10-20 10:05 - 2013-08-25 16:55 - 00000000 ____D C:\Users\snick\AppData\Roaming\Skype
2013-10-20 10:05 - 2012-05-13 09:52 - 00000000 ____D C:\Users\snick\AppData\Roaming\Dropbox
2013-10-20 10:04 - 2013-10-17 18:43 - 00000952 _____ C:\Windows\PFRO.log
2013-10-20 10:04 - 2013-10-13 21:45 - 00000000 ____D C:\ProgramData\PMS
2013-10-20 10:04 - 2013-10-13 10:54 - 00003472 _____ C:\Windows\setupact.log
2013-10-20 10:04 - 2013-03-15 20:49 - 00000326 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-10-20 10:04 - 2012-10-29 22:13 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 10:04 - 2012-05-13 01:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-20 10:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 10:03 - 2013-10-20 10:03 - 01056666 _____ C:\Users\snick\Desktop\AdwCleaner.exe
2013-10-20 09:56 - 2013-10-20 09:56 - 00000000 ____D C:\Users\snick\AppData\Roaming\Malwarebytes
2013-10-20 09:56 - 2009-07-14 06:45 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:56 - 2009-07-14 06:45 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:55 - 2013-10-20 09:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 09:55 - 2013-10-20 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 09:55 - 2013-10-20 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 09:55 - 2009-07-14 19:58 - 02738378 _____ C:\Windows\system32\perfh007.dat
2013-10-20 09:55 - 2009-07-14 19:58 - 00801914 _____ C:\Windows\system32\perfc007.dat
2013-10-20 09:55 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 19:23 - 2012-10-29 22:13 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 19:11 - 2013-10-13 00:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 17:22 - 2012-05-12 20:51 - 00000000 ____D C:\Users\snick\Documents\WISO Mein Geld
2013-10-19 14:51 - 2013-10-19 14:51 - 00002211 _____ C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2013-10-19 14:51 - 2013-10-19 14:51 - 00000000 ____D C:\Users\snick\AppData\Local\Synology
2013-10-19 14:51 - 2013-10-19 14:51 - 00000000 ____D C:\Program Files (x86)\Synology
2013-10-18 23:37 - 2012-05-12 16:12 - 00000000 ____D C:\Users\snick\AppData\Roaming\vlc
2013-10-16 20:25 - 2013-10-16 20:25 - 00026150 _____ C:\ComboFix.txt
2013-10-16 20:25 - 2013-10-16 20:17 - 00000000 ____D C:\Qoobox
2013-10-16 20:23 - 2013-10-16 20:17 - 00000000 ____D C:\Windows\erdnt
2013-10-16 20:23 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-16 20:16 - 2013-10-16 20:16 - 05133109 ____R (Swearware) C:\Users\snick\Desktop\ComboFix.exe
2013-10-16 19:44 - 2013-08-24 11:23 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-16 19:44 - 2013-08-24 09:12 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-16 19:43 - 2013-08-24 09:12 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-15 22:16 - 2013-10-13 21:45 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-10-13 21:09 - 2013-09-29 14:18 - 00000000 ____D C:\Users\snick\Desktop\diverse Fotos
2013-10-13 21:02 - 2012-05-11 18:48 - 00000000 ___RD C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-13 13:07 - 2013-10-13 13:07 - 1401176627 _____ C:\Windows\MEMORY.DMP
2013-10-13 13:07 - 2013-10-13 13:07 - 00287768 _____ C:\Windows\Minidump\101313-7956-01.dmp
2013-10-13 13:07 - 2012-05-17 17:58 - 00000000 ____D C:\Windows\Minidump
2013-10-13 12:59 - 2013-10-13 12:59 - 00063830 _____ C:\Users\snick\Desktop\gmer.log
2013-10-13 12:55 - 2013-06-15 12:22 - 00000000 ____D C:\Users\snick\AppData\Roaming\Winamp
2013-10-13 12:51 - 2013-10-13 12:46 - 00000472 _____ C:\Users\snick\Desktop\defogger_disable.log
2013-10-13 12:48 - 2013-10-13 12:48 - 00000000 ____D C:\FRST
2013-10-13 12:46 - 2013-10-13 12:46 - 00000000 _____ C:\Users\snick\defogger_reenable
2013-10-13 12:46 - 2012-05-11 18:48 - 00000000 ____D C:\Users\snick
2013-10-13 10:54 - 2013-10-13 10:54 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 00:40 - 2013-10-13 00:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-13 00:40 - 2013-10-13 00:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-13 00:40 - 2013-10-13 00:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-13 00:06 - 2012-05-11 19:40 - 00000000 ____D C:\Windows\Panther
2013-10-12 19:08 - 2013-10-08 18:51 - 00000000 __SHD C:\ProgramData\Windows Update Service0
2013-10-11 21:29 - 2012-06-23 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 18:14 - 2013-10-11 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 17:08 - 2013-10-11 17:08 - 00052199 _____ C:\Users\snick\Desktop\Garderobe.skp
2013-10-11 17:08 - 2013-01-20 15:25 - 00000000 ____D C:\Users\snick\.gimp-2.8
2013-10-11 17:04 - 2013-04-26 06:58 - 00000000 ____D C:\Users\snick\Desktop\Wohnung
2013-10-11 16:49 - 2013-10-11 16:49 - 00000837 _____ C:\Users\snick\AppData\Local\recently-used.xbel
2013-10-11 07:21 - 2013-10-11 07:21 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-11 07:21 - 2013-10-11 07:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-11 07:21 - 2012-10-07 17:25 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-11 07:21 - 2012-10-07 17:25 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-11 07:18 - 2012-10-29 22:13 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 07:18 - 2012-10-29 22:13 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 18:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 17:45 - 2009-07-14 06:45 - 00289544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 17:44 - 2012-09-25 21:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 17:44 - 2012-09-25 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 17:24 - 2013-07-14 16:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 17:22 - 2012-05-15 17:52 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 17:21 - 2012-05-11 23:11 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-10 17:21 - 2012-05-11 23:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 17:21 - 2012-05-11 23:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-09 17:28 - 2013-10-08 18:51 - 00003298 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x1FE004EA
2013-10-08 18:46 - 2013-10-08 18:46 - 00000000 ____D C:\Users\snick\AppData\Local\MPlayer
2013-10-07 20:57 - 2013-10-02 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-07 19:10 - 2012-05-22 07:51 - 00000000 ____D C:\Users\snick\AppData\Roaming\DAEMON Tools Lite
2013-10-06 14:15 - 2013-10-06 14:14 - 00000000 ____D C:\Users\snick\AppData\Local\Alt.Binz
2013-10-06 14:14 - 2013-10-06 14:14 - 00000000 ____D C:\Program Files (x86)\Alt.Binz
2013-10-03 11:13 - 2013-10-03 11:07 - 00000000 ____D C:\Users\snick\Documents\Battlefield 4
2013-10-03 11:07 - 2013-08-24 11:22 - 00000000 ____D C:\Users\snick\AppData\Local\PunkBuster
2013-10-03 09:56 - 2012-05-11 23:41 - 00000000 ____D C:\Users\snick\AppData\Local\Mozilla
2013-10-02 20:30 - 2013-10-02 20:30 - 00000921 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-02 20:30 - 2013-10-02 20:30 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 20:30 - 2013-08-24 09:12 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-30 21:36 - 2013-08-24 11:22 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-09-29 14:16 - 2013-09-21 01:12 - 00000000 ____D C:\Users\snick\Desktop\Bauch
2013-09-29 14:03 - 2012-05-12 13:17 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-28 01:00 - 2012-05-12 12:53 - 00000000 ____D C:\Users\snick\Documents\OpenTTD
2013-09-23 01:28 - 2013-10-10 17:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-10 17:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-10 17:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-10 17:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-10 17:27 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-10 17:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 17:18 - 2013-09-20 22:58 - 00022528 _____ C:\Users\snick\Desktop\Auto.xls
2013-09-21 05:38 - 2013-10-10 17:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-10 17:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-10 17:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-10 17:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 23:25 - 2013-09-20 23:25 - 00000000 ____D C:\Users\snick\Documents\Egosoft
2013-09-20 23:13 - 2012-09-23 02:29 - 00000000 ____D C:\Users\snick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-09-20 23:00 - 2013-09-20 23:00 - 00000000 ____D C:\Windows\system32\NV
2013-09-20 19:20 - 2013-09-20 19:20 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 19:20 - 2012-05-13 01:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-13 20:40
==================== End Of Log ============================
Gruß snicksnick |
|
22.10.2013, 12:35
| #7 |
| /// Helfer-Team | Windows 7: Absturz Flashplayer / IP Blacklisted Sehr gut!  Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
22.10.2013, 21:06
| #8 |
| |  Windows 7: Absturz Flashplayer / IP Blacklisted Sooo. JRT und ESET waren kein Problem, nur der SecurityCheck meint, dass er Win7 nicht unterstützt. Aber der Reihe nach: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Home Premium x64
Ran by snick on 22.10.2013 at 18:48:44,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
~~~ FireFox
Successfully deleted the following from C:\Users\snick\AppData\Roaming\mozilla\firefox\profiles\9emip29u.default\prefs.js
user_pref("deviantcopypaste.history.thumb", ":thumb25803958:,aHR0cCUzQS8vdG4zLTEuZGV2aWFudGFydC5jb20vMTAwL2ZzOC5kZXZpYW50YXJ0LmNvbS9pLzIwMDUvMzMzLzMvNy9SZWZyYWN0aW9uX2J5X3NwaH
user_pref("foxgame.userprefs.foxgameDeltaTime-uni56.ogame.de", "117296");
Emptied folder: C:\Users\snick\AppData\Roaming\mozilla\firefox\profiles\9emip29u.default\minidumps [44 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.10.2013 at 18:50:06,51
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71aca92fbd99274688c6450bd09eefc1
# engine=15587
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-22 06:53:13
# local_time=2013-10-22 08:53:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 1049526 33312687 0 0
# scanned=357122
# found=0
# cleaned=0
# scan_time=7123
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
snicksnick |
|
23.10.2013, 12:38
| #9 |
| /// Helfer-Team | Windows 7: Absturz Flashplayer / IP Blacklisted Gibt es noch Probleme mit dem Rechner? |
|
23.10.2013, 13:12
| #10 |
| | Windows 7: Absturz Flashplayer / IP Blacklisted Ne, scheint alles wieder zu laufen. Bin ich dann wieder "clean" ? Tausend Dank für deine Hilfe! |
|
25.10.2013, 15:16
| #11 |
| /// Helfer-Team | Windows 7: Absturz Flashplayer / IP Blacklisted Sehr gut! damit bist Du sauber und entlassen!  Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
| Themen zu Windows 7: Absturz Flashplayer / IP Blacklisted |
| absturz, adobe, browser, computer, desktop, exe, explorer, farbar, farbar recovery scan tool, firefox, flash player, google, helper, home, homepage, launch, mozilla, plug-in, port, registry, scan, security, services.exe, software, spam, system, windows, winlogon.exe, wiso |
WARNUNG an die MITLESER: 
Linear-Darstellung
