| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: bProspector - wie richtig entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.11.2013, 12:24
| #1 |
| |  bProspector - wie richtig entfernen? *Edit ich meinte natürlich bProtector Hallo zusammen, Avira hat gestern festgestellt, dass mein PC mit Schadsoftware infiziert ist. Es stellte sich heraus, dass die Schadsoftware bProtector ist. Ich habe daraufhin AdwCleaner laufen lassen, in der Hoffnung das Problem schnell zu lösen. Nach einem Neustart fand Avira allerdings immer noch versteckte Dateien. Hier der Log von AdwCleaner Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 22/11/2013 um 20:41:10
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Stephan - STEPHANS-PC
# Gestartet von : C:\Users\Stephan\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Users\Stephan\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Stephan\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Stephan\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Stephan\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Stephan\Documents\smart pc cleaner
Datei Gelöscht : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKCU\Software\9e8cdeb734ec45
Schlüssel Gelöscht : HKLM\SOFTWARE\9e8cdeb734ec45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\InstallIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
-\\ Mozilla Firefox v25.0.1 (en-US)
[ Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=B8B7801F025B09BB&affID=119357&tt=240913_238&tsp=5018");
*************************
AdwCleaner[R0].txt - [11363 octets] - [22/11/2013 20:40:36]
AdwCleaner[S0].txt - [10489 octets] - [22/11/2013 20:41:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10550 octets] ##########
Extras Code:
ATTFilter OTL Extras logfile created on: 23.11.2013 12:15:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,48% Memory free
15,95 Gb Paging File | 13,76 Gb Available in Paging File | 86,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 424,61 Gb Free Space | 71,23% Space Free | Partition Type: NTFS
Computer Name: STEPHANS-PC | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Stephan\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Stephan\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0611A9C6-276C-4E84-B8E8-ECA5D228FDD6}" = lport=58400 | protocol=6 | dir=in | name=pando media booster |
"{10C83A89-C38E-4968-B10D-2D10346E0EE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12ABF42B-F805-4D52-9642-ABE6CCE74B0F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{263813E5-3C5A-4BA5-99FC-7741959CD303}" = lport=58400 | protocol=6 | dir=in | name=pando media booster |
"{2A41406F-2EC9-40C1-951B-642AD0C3782A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{334B5E27-0D9C-49D3-9753-98C4B2745123}" = lport=58400 | protocol=17 | dir=in | name=pando media booster |
"{38B08B84-7FE3-48F7-9AF6-11D21DAE8332}" = lport=139 | protocol=6 | dir=in | app=system |
"{3C69ED44-E076-4479-90BA-CCA5C174D26D}" = lport=58400 | protocol=17 | dir=in | name=pando media booster |
"{49503A54-3F64-415A-9CBD-6C7210C351A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{50584F1B-A022-4BE9-9E54-D94AC4D6C5F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{570ED10F-22C9-4837-B3E0-B82D98175F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57FA2D4D-53C6-4BCF-A530-1C8EE9900474}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CA7A1FF-B3EC-4E1A-99BB-C12F5385095A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5F6BD745-597C-4742-849C-50D35C0485BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6B046B67-4C5D-4C4C-823D-1E948F1D474D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72380C9B-D356-4EE4-90FB-24325175DE77}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7265CD1B-FC8C-454E-B8A8-CF790E6CA33B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D6C311-B95A-4232-BC5D-43ACCDE3E984}" = rport=445 | protocol=6 | dir=out | app=system |
"{853CC322-F86C-429F-9244-4A9BA099677E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8796037F-3CB8-4E07-AE81-9FDA4AEFACB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92DFF67C-E046-4761-B894-E14EAB613CCF}" = lport=137 | protocol=17 | dir=in | app=system |
"{99A8136F-D97F-4C59-8624-B184707E9233}" = rport=139 | protocol=6 | dir=out | app=system |
"{B90BAB23-7732-440F-A7FD-AD0D70736698}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D64F9A46-5A9D-4747-AEAE-7BD27B51476B}" = lport=138 | protocol=17 | dir=in | app=system |
"{DF1475F1-2EAE-4817-938B-D6EDB98E6DFA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4AEF9D9-14BF-4734-BF33-3A750D2671EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED85714E-BAAA-4AA2-BF0E-78A4CD437682}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7AB1E7E-FB03-4D14-89FC-243839F74E47}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8AD8BF7-E6D5-4ECF-B832-1864C9822DE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025E9166-56E6-47B0-99E8-C86D27742801}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\bin\hammer.bat |
"{067DD84A-61DF-45D4-8E36-83CB9FF9B2A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{0A0FD770-B3E3-4455-BBFC-F56D17A6DF19}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{0B5C8695-34BC-4F55-9109-D1DC146BE18B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C4DE0C3-5F85-4CE3-8036-408CE8C1FC97}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{11EE32AF-4158-4CBE-910B-DCD7AA5C3529}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{13C2701C-E7D8-463E-B450-3ECDD0593EC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16807778-F052-48C6-B4D8-6D9D21917ACC}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{199A32A7-2C34-4870-9E54-AB55CB0B7964}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D92565A-EB82-479C-A853-6DB565C7AF01}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{20C173F5-8089-4647-8B1B-805A528B80E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{225B4DA8-5EC6-4C60-B454-BB9B164DEF18}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{245ABC08-A973-45A3-900A-E94618711283}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{365B2542-7D83-4D79-8A39-22A17EE8D4F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3AC5376F-7AAA-46D3-97A0-A106F4B08876}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3C307772-5A02-437E-B499-B5F9890CABD8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{422F4DC0-A926-42EB-B8AC-519DD7ECF6D1}" = protocol=6 | dir=out | app=system |
"{50026CF5-4DD5-4337-A10D-306E2817388A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{54C5601F-D1C7-4B7C-813B-9FD848882482}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57C6C39A-0021-4EE9-BD01-95FD9E83C8C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5998CEE0-FEAC-43FC-97C7-F8F3654F869E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A8214EA-540C-4F95-9F5F-54A4E3C828BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"{5CBBE05D-D3CC-4CBC-8A1F-62EE29C912AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift\support\ea help\electronic_arts_technical_support.htm |
"{5E5F41C6-CA7A-4A00-BB78-0A6C05A92527}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{65F1E2B5-82AC-4766-9523-3B265E287497}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{69FCC37E-78F2-478E-9932-E4A864D58F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{728994E9-2B5F-4085-8E43-D74A3BFA43B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74436148-CF52-4113-9758-32F0A90DC51C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{770D1F3B-2264-48BB-A377-64D73FBB1D95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{7A2016A5-C2B7-4AAA-8127-17D17C9A6173}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B10554B-AAB6-47CD-AF1E-513B50676C19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{7D7EA81E-1D3F-4815-BB72-5948E0CEC469}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\hl2.exe |
"{7E8BF8C9-AD4D-40B0-802A-3E01D371E774}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{826D6513-B428-4183-9DC9-C956888025CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift\support\ea help\electronic_arts_technical_support.htm |
"{8BA28F1C-6FE2-46E0-AEE6-F5674B04A122}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{928FB7F0-4AAC-4AD4-BBD2-ECB46221DF08}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{93CCE1A2-8825-4793-9BFC-5171E548F6DB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{995FD0D0-C07B-4A55-B8BC-B9B642CBEAFB}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{9C3A2BC0-9E83-455C-974D-C51663909E65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E080171-17A0-498F-BF41-14D6345F8E43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift\shift.exe |
"{A85B40A6-D0F3-4F99-8470-EF6C44464D02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AB0486FE-F4C7-4D45-A9AD-8F9A1A360B57}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{B37B6661-FB81-4E1C-B318-A1C7A2F6BBA6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B58D1E53-52B9-477C-91D0-E847F2113951}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B745C2B8-EC9D-46A9-8A41-7B3C9DEF8FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{B9B3D03C-7525-4F12-BD6B-72DBA1E277DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BB861434-4CB2-4D7B-B62A-5DDFCF731B1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBAD8738-C599-4DD8-8114-2CFBDFF17CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDF89BAD-6190-4430-B6AD-D90D2259D458}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{BFA290B2-9F18-4FB2-BF02-5CC1EA6D9814}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C13DC818-343F-4BFE-89B4-2E159DCB88EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nmrih\sdk\bin\hammer.bat |
"{C1EF48B2-E439-4A34-8084-75CB2E6740C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C58C7CBA-4C65-4E9A-91BD-73622E1AF77A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C5D7FABF-038C-4A01-AB95-1E1F862D0D35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CAB7977E-4DD1-437F-969C-ACF2D27CA3B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CD3B80F8-DEB8-44EC-A663-53C210EFEA0C}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{D03BA1D0-7CE3-4AB4-AC4F-77E858C38E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{D47CF24D-67B0-4501-9E3D-ED8E4347DB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\need for speed shift\shift.exe |
"{D527666A-1C2C-4CAA-93D7-3943CF93A0DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD6CD7F8-E653-4970-9784-5AF7E98372AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{DF3AAFDD-F6EF-40E8-AE1C-AD554D9FCACA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFB580BE-7125-47BB-A37B-48CCD057F7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2821D9C-6FDE-4646-88F2-3649024DBFF4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6309BB0-C716-447B-90D3-5C3A7F319A5D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EC0DAC93-B483-4511-B727-67F4A56F7A0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC6
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Fraps" = Fraps
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 224260" = No More Room in Hell
"Steam App 240" = Counter-Strike: Source
"Steam App 24870" = Need for Speed: SHIFT
"Steam App 24980" = Mass Effect 2
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Uplay" = Uplay
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
"UpdaterEX" = Extended Update
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2013 11:36:11 | Computer Name = Stephans-PC | Source = NvStreamSvc | ID = 131073
Description =
Error - 03.11.2013 11:36:58 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften
Prozesses: 0xc08 Startzeit der fehlerhaften Anwendung: 0x01ced8aa7c5855d2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
Berichtskennung:
c5ef0d97-449d-11e3-b903-d0a79d53b196
Error - 06.11.2013 16:59:00 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1,
Zeitstempel: 0x51226a2f Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1,
Zeitstempel: 0x512269ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x0117e8b3 ID des fehlerhaften
Prozesses: 0x1044 Startzeit der fehlerhaften Anwendung: 0x01cedb17009714fe Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll
Berichtskennung:
421bd82b-4726-11e3-a187-8338197e2595
Error - 09.11.2013 10:20:28 | Computer Name = Stephans-PC | Source = NvStreamSvc | ID = 131073
Description =
Error - 09.11.2013 10:20:28 | Computer Name = Stephans-PC | Source = NvStreamSvc | ID = 131073
Description =
Error - 09.11.2013 10:20:28 | Computer Name = Stephans-PC | Source = NvStreamSvc | ID = 131073
Description =
Error - 10.11.2013 09:14:25 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1,
Zeitstempel: 0x51226a2f Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1,
Zeitstempel: 0x512269ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x00626115 ID des fehlerhaften
Prozesses: 0xc7c Startzeit der fehlerhaften Anwendung: 0x01cede1418308789 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll
Berichtskennung:
04bbf8b9-4a0a-11e3-856b-f9538567f990
Error - 10.11.2013 09:19:15 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1,
Zeitstempel: 0x51226a2f Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1,
Zeitstempel: 0x512269ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x00626115 ID des fehlerhaften
Prozesses: 0x1384 Startzeit der fehlerhaften Anwendung: 0x01cede16fa62e90f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll
Berichtskennung:
b1983d97-4a0a-11e3-856b-f9538567f990
Error - 10.11.2013 15:39:10 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1,
Zeitstempel: 0x51226a2f Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1,
Zeitstempel: 0x512269ef Ausnahmecode: 0xc0000005 Fehleroffset: 0x00626115 ID des fehlerhaften
Prozesses: 0x12b4 Startzeit der fehlerhaften Anwendung: 0x01cede43c853baae Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll
Berichtskennung:
c48f845a-4a3f-11e3-872a-ad0a88d29bed
Error - 12.11.2013 17:17:06 | Computer Name = Stephans-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100,
Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften
Prozesses: 0xd6c Startzeit der fehlerhaften Anwendung: 0x01cedfec7abbc4b7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
Berichtskennung:
c82bd713-4bdf-11e3-866f-f2a8e886be9e
[ System Events ]
Error - 31.10.2013 11:47:13 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 31.10.2013 11:47:13 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 01.11.2013 09:01:33 | Computer Name = Stephans-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 01.11.2013 09:01:33 | Computer Name = Stephans-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 01.11.2013 09:01:33 | Computer Name = Stephans-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 01.11.2013 09:01:33 | Computer Name = Stephans-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 06.11.2013 13:31:19 | Computer Name = Stephans-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 22.11.2013 15:01:04 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "BitGuard" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 22.11.2013 15:01:34 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "BitGuard" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 22.11.2013 15:01:36 | Computer Name = Stephans-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter OTL logfile created on: 23.11.2013 12:15:59 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephan\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,48% Memory free 15,95 Gb Paging File | 13,76 Gb Available in Paging File | 86,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 424,61 Gb Free Space | 71,23% Space Free | Partition Type: NTFS Computer Name: STEPHANS-PC | User Name: Stephan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stephan\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation) PRC - C:\Fraps\fraps.exe (Beepa P/L) PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () PRC - C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe () MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll () MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll () MOD - C:\Program Files (x86)\Hama\Common\RaWLAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NvStreamSvc) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe (Ralink Technology, Corp.) SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-354402506-3592774248-4125264042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-354402506-3592774248-4125264042-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-354402506-3592774248-4125264042-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: firefox%40websparkle.biz:1.0.0 FF - prefs.js..extensions.enabledAddons: cryenginebrowserplugin%40crytek.com:0.39.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Stephan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.27 17:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Extensions [2013.11.06 16:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions [2013.10.12 13:17:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013.10.12 13:19:49 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions\adblockpopups@jessehakanen.net [2013.11.06 16:28:42 | 000,000,000 | ---D | M] (GFACE Experience Plugin) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions\cryenginebrowserplugin@crytek.com [2013.10.27 22:42:51 | 000,000,000 | ---D | M] (WebSparkle) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions\firefox@websparkle.biz [2013.11.06 16:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\el4enbqt.default\extensions\staged [2013.10.12 13:18:02 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\el4enbqt.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.10.12 13:17:33 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\el4enbqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.09.27 17:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.09.27 17:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.11.17 20:11:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-354402506-3592774248-4125264042-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{408E9EE5-A9F5-4BD9-BC5E-B1B38BFDB478}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF5DC135-AB09-4D30-A6E9-4164A4EE70F4}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F173C1DD-F06B-4197-A797-1FA150D1FA47}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a7a7ca1d-278a-11e3-9c9a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a7a7ca1d-278a-11e3-9c9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.11.22 20:40:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013.11.22 20:39:42 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013.11.22 20:39:42 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013.11.15 17:28:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.11.15 17:28:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.11.15 17:27:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.11.15 17:27:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.11.15 17:27:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.11.15 17:27:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.11.15 17:27:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.11.15 17:27:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.11.15 17:27:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.11.15 17:27:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.11.15 17:27:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.11.15 17:27:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.11.15 17:27:58 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.11.15 17:27:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.11.15 17:27:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.11.14 19:36:26 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.11.14 19:36:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.11.14 19:36:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.11.14 19:36:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll [2013.11.14 19:36:22 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll [2013.11.14 19:36:22 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll [2013.11.14 19:36:14 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.11.14 19:36:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.11.14 19:36:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.11.14 19:36:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.11.14 19:36:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.11.14 19:36:11 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2013.11.14 19:36:10 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013.11.14 19:36:10 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll [2013.11.14 19:36:10 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2013.11.14 19:36:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL [2013.11.10 13:54:43 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Microsoft Hardware [2013.11.10 13:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.11.10 13:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.11.07 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\BioWare [2013.11.07 17:07:25 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.11.07 17:07:25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.11.07 17:07:25 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.11.07 17:07:25 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.11.07 17:07:25 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.11.07 17:07:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.11.07 15:43:37 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\Spiele [2013.10.31 21:45:19 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\materials original [2013.10.31 20:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% [2013.10.31 20:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2013.10.31 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Franzis [2013.10.29 15:22:41 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\PunkBuster [2013.10.29 11:46:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.10.29 02:56:09 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.10.29 02:56:05 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Ubisoft Game Launcher [2013.10.29 02:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.10.29 02:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.10.29 02:39:43 | 000,000,000 | ---D | C] -- C:\Fraps [2013.10.28 20:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3 [2013.10.28 20:37:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.10.28 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.10.28 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Origin [2013.10.28 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Origin [2013.10.28 11:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.10.28 11:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.10.28 11:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.10.28 11:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.10.27 22:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.10.27 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Programs [2013.10.27 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp [2013.10.27 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp [2013.10.27 22:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.10.27 22:15:04 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\4A Games [2013.10.27 22:09:39 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\4A Games [2013.10.27 21:55:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.10.27 21:55:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.10.27 21:55:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.10.27 21:55:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.10.27 21:55:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.10.27 21:55:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.10.27 21:55:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.10.27 21:55:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.10.27 21:55:10 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.10.27 21:55:10 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.10.27 21:55:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.10.27 21:55:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.10.27 21:55:10 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.10.27 21:55:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.10.27 21:55:09 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.10.27 21:55:09 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.10.27 21:55:09 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.10.27 21:55:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.10.27 21:55:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.10.27 21:55:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.10.27 21:55:09 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.10.27 21:55:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.10.27 21:55:08 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.10.27 21:55:08 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.10.27 21:55:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.10.27 21:55:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.10.27 21:55:08 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.10.27 21:55:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2013.10.27 21:55:07 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.10.27 21:55:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.10.27 21:55:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.10.27 21:55:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.10.27 21:55:06 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.10.27 21:55:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2013.10.27 21:55:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.10.27 21:55:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.10.27 21:55:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.10.27 21:55:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.10.27 21:55:03 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.10.27 21:55:03 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.10.27 21:55:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.10.27 21:55:03 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2013.10.27 21:55:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.10.27 21:55:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2013.10.27 21:55:02 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.10.27 21:55:02 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.10.27 21:55:02 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.10.27 21:55:02 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.10.27 21:55:02 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.10.27 21:55:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2013.10.27 21:55:02 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.10.27 21:55:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.10.27 21:55:01 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.10.27 21:55:01 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.10.27 21:55:01 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.10.27 21:55:01 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.10.27 21:55:00 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.10.27 21:55:00 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.10.27 21:55:00 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.10.27 21:55:00 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.10.27 21:55:00 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.10.27 21:55:00 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.10.27 21:54:59 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.10.27 21:54:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.10.27 21:54:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.10.27 21:54:59 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.10.27 21:54:59 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.10.27 21:54:59 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2013.10.27 21:54:59 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.10.27 21:54:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.10.27 21:54:59 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.10.27 21:54:59 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.10.27 21:54:57 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.10.27 21:54:57 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.10.27 21:54:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.10.27 21:54:57 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.10.27 21:54:57 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.10.27 21:54:57 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.10.27 21:54:56 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.10.27 21:54:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.10.27 21:54:55 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.10.27 21:54:55 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.10.27 21:54:55 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.10.27 21:54:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2013.10.27 21:54:54 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.10.27 21:54:54 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.10.27 21:54:53 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2013.10.27 21:54:53 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2013.10.27 21:54:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2013.10.27 21:54:53 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2013.10.27 21:54:53 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2013.10.27 21:54:53 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2013.10.27 21:54:52 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2013.10.27 21:54:52 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2013.10.27 21:54:52 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2013.10.27 21:54:52 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2013.10.27 21:54:51 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2013.10.27 21:54:51 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2013.10.27 21:54:51 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2013.10.27 21:54:51 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2013.10.27 21:54:50 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2013.10.27 21:54:50 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2013.10.27 21:54:50 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2013.10.27 21:54:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2013.10.27 21:54:49 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2013.10.27 21:54:49 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2013.10.27 21:54:48 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2013.10.27 21:54:48 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2013.10.27 21:54:48 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2013.10.27 21:54:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2013.10.27 21:54:48 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2013.10.27 21:54:48 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2013.10.27 21:54:47 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.10.27 21:54:47 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.10.27 21:54:46 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2013.10.27 21:54:46 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2013.10.27 21:54:46 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2013.10.27 21:54:46 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2013.10.27 21:54:46 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2013.10.27 21:54:46 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2013.10.27 21:54:46 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2013.10.27 21:54:46 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2013.10.27 21:54:45 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2013.10.27 21:54:45 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2013.10.27 21:54:45 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2013.10.27 21:54:44 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2013.10.27 21:54:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2013.10.27 21:54:44 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2013.10.27 21:54:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2013.10.27 21:54:44 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2013.10.27 21:54:44 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2013.10.27 21:54:43 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2013.10.27 21:54:43 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2013.10.27 21:54:41 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2013.10.27 21:54:41 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2013.10.27 21:54:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2013.10.27 21:54:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2013.10.27 21:54:39 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2013.10.27 21:54:39 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2013.10.27 21:54:38 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2013.10.27 21:54:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2013.10.27 21:54:37 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2013.10.27 21:54:37 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2013.10.27 21:54:37 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2013.10.27 21:54:37 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2013.10.27 21:54:36 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2013.10.27 21:54:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013.10.27 21:54:35 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2013.10.27 21:54:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2013.10.27 21:54:34 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2013.10.27 21:54:34 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2013.10.27 21:54:33 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2013.10.27 21:54:33 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2013.10.27 21:54:32 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2013.10.27 21:54:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2013.10.27 21:54:31 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2013.10.27 21:54:31 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2013.10.27 21:54:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.10.27 21:54:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.10.27 21:54:24 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2013.10.27 21:54:24 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2013.10.27 21:54:24 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2013.10.27 21:54:24 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2013.10.27 21:54:23 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2013.10.27 21:54:23 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2013.10.27 21:54:22 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2013.10.27 21:54:22 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.10.27 21:54:20 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2013.10.27 21:54:20 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2013.10.27 21:54:18 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2013.10.27 21:54:18 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2013.10.27 21:54:15 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2013.10.27 21:54:15 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2013.10.27 21:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.10.27 18:37:59 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.10.27 18:29:14 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2013.10.27 18:29:14 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2013.10.27 18:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2013.10.27 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra [2013.10.27 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra [2013.10.27 15:14:07 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Amazon [2013.10.27 15:13:33 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Amazon MP3 [2013.10.27 15:13:33 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.10.27 15:13:31 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Program Files [2013.10.27 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Stephan\AppData\Local\*.tmp files -> C:\Users\Stephan\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.23 12:04:24 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.11.23 12:04:24 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.11.23 12:04:24 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.11.23 12:04:24 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.11.23 12:04:24 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.11.23 12:03:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.11.23 12:03:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.11.23 11:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.11.23 11:57:57 | 2129,350,655 | -HS- | M] () -- C:\hiberfil.sys [2013.11.22 20:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.11.21 20:04:44 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.11.21 20:04:44 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.11.11 19:23:28 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.11.10 19:21:13 | 000,276,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.11.06 18:38:16 | 000,007,605 | ---- | M] () -- C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg [2013.11.06 18:38:05 | 000,000,626 | ---- | M] () -- C:\Users\Stephan\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.11.06 18:21:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.11.04 21:17:08 | 000,000,221 | ---- | M] () -- C:\Users\Stephan\Desktop\Mass Effect 2.url [2013.10.31 20:43:13 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2013.10.31 20:39:43 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2013.10.29 15:08:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.10.29 11:54:15 | 000,000,219 | ---- | M] () -- C:\Users\Stephan\Desktop\Counter-Strike Source.url [2013.10.29 11:54:08 | 000,000,221 | ---- | M] () -- C:\Users\Stephan\Desktop\Metro 2033.url [2013.10.29 11:54:00 | 000,000,221 | ---- | M] () -- C:\Users\Stephan\Desktop\Metro Last Light.url [2013.10.29 02:56:09 | 000,001,201 | ---- | M] () -- C:\Users\Stephan\Desktop\Uplay.lnk [2013.10.28 20:37:33 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3.lnk [2013.10.28 11:15:02 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.10.27 22:42:52 | 000,000,948 | ---- | M] () -- C:\Users\Stephan\Desktop\Core Temp.lnk [2013.10.27 15:17:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Stephan\AppData\Local\*.tmp files -> C:\Users\Stephan\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.06 18:21:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.11.04 21:17:08 | 000,000,221 | ---- | C] () -- C:\Users\Stephan\Desktop\Mass Effect 2.url [2013.10.31 20:43:13 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2013.10.31 20:39:43 | 000,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2013.10.29 15:22:48 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.10.29 15:08:04 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.10.29 15:08:04 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.10.29 15:08:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.10.29 11:54:15 | 000,000,219 | ---- | C] () -- C:\Users\Stephan\Desktop\Counter-Strike Source.url [2013.10.29 11:54:08 | 000,000,221 | ---- | C] () -- C:\Users\Stephan\Desktop\Metro 2033.url [2013.10.29 11:54:00 | 000,000,221 | ---- | C] () -- C:\Users\Stephan\Desktop\Metro Last Light.url [2013.10.29 02:56:09 | 000,001,201 | ---- | C] () -- C:\Users\Stephan\Desktop\Uplay.lnk [2013.10.28 20:37:33 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3.lnk [2013.10.28 11:15:02 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.10.27 22:42:52 | 000,000,948 | ---- | C] () -- C:\Users\Stephan\Desktop\Core Temp.lnk [2013.10.27 22:40:48 | 000,007,605 | ---- | C] () -- C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg [2013.10.27 22:40:22 | 000,000,626 | ---- | C] () -- C:\Users\Stephan\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.10.27 15:17:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.10.12 11:41:52 | 013,497,344 | ---- | C] () -- C:\Program Files (x86)\EA Core.msi [2013.10.12 11:41:52 | 000,052,736 | ---- | C] () -- C:\Program Files (x86)\1031.MST [2013.10.12 11:41:52 | 000,006,285 | ---- | C] () -- C:\Program Files (x86)\0x0407.ini [2013.09.28 15:45:23 | 000,000,600 | ---- | C] () -- C:\Users\Stephan\AppData\Local\PUTTY.RND [2013.09.28 14:29:48 | 000,000,000 | ---- | C] () -- C:\Users\Stephan\AppData\Local\{218FF33E-BCBE-4822-8F3D-BF376C3D5EF8} [2013.09.27 17:44:21 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.09.27 17:31:44 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2013.09.27 17:31:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2013.09.27 17:31:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.09.28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.10.27 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Amazon [2013.10.20 12:47:21 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\LolClient [2013.10.31 19:16:08 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Origin [2013.10.22 22:38:27 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\TS3Client ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013.09.29 15:45:43 | 098,463,575 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\玪ⴢ‡ [2013.09.29 15:43:37 | 098,463,575 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\玪ⴢ‡ [2013.09.28 14:25:44 | 098,430,869 | ---- | M] ()(C:\Windows\SysWow64\???I) -- C:\Windows\SysWow64\⑁I [2013.09.28 13:35:46 | 098,430,869 | ---- | C] ()(C:\Windows\SysWow64\???I) -- C:\Windows\SysWow64\⑁I ========== Alternate Data Streams ========== @Alternate Data Stream - 1056 bytes -> C:\ProgramData\TEMP:966F7784 < End of report > Geändert von bonezmc (23.11.2013 um 12:35 Uhr) |
|
23.11.2013, 12:50
| #2 |
| /// TB-Ausbilder   | bProspector - wie richtig entfernen? Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
23.11.2013, 13:00
| #3 |
| | bProspector - wie richtig entfernen? Hallo Matthias, vielen Dank für deine Hilfe.
__________________FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013
Ran by Stephan (administrator) on STEPHANS-PC on 23-11-2013 12:56:13
Running from C:\Users\Stephan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Beepa P/L) C:\Fraps\fraps.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKCU\...\Run: [AlcoholAutomount] - "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MountPoints2: {a7a7ca1d-278a-11e3-9c9a-806e6f6e6963} - D:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-27] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: [ ] ()
==================== Internet (Whitelisted) ====================
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Stephan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\adblockpopups@jessehakanen.net
FF Extension: GFACE Experience Plugin - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: WebSparkle - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\firefox@websparkle.biz
FF Extension: No Name - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\staged
FF Extension: Adblock Plus - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: adblockpopups - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: Adblock Plus - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-27] (Avira Operations GmbH & Co. KG)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-27] (Avira Operations GmbH & Co. KG)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-10-31] ()
U3 afghn8lh; C:\Windows\System32\Drivers\afghn8lh.sys [0 ] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-23 12:56 - 2013-11-23 12:56 - 00007484 _____ C:\Users\Stephan\Downloads\FRST.txt
2013-11-23 12:56 - 2013-11-23 12:56 - 00000000 ____D C:\FRST
2013-11-23 12:55 - 2013-11-23 12:55 - 01957916 _____ (Farbar) C:\Users\Stephan\Downloads\FRST64.exe
2013-11-23 12:13 - 2013-11-23 12:18 - 00111720 _____ C:\Users\Stephan\Downloads\OTL.Txt
2013-11-23 12:13 - 2013-11-23 12:18 - 00061092 _____ C:\Users\Stephan\Downloads\Extras.Txt
2013-11-23 12:07 - 2013-11-23 12:08 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Downloads\OTL.exe
2013-11-22 20:51 - 2013-11-22 20:51 - 00000370 _____ C:\DelFix.txt
2013-11-22 20:44 - 2013-11-22 20:44 - 00010691 _____ C:\Users\Stephan\Desktop\Neues Textdokument (2).txt
2013-11-22 20:40 - 2013-11-22 20:41 - 00000000 ____D C:\AdwCleaner
2013-11-22 20:39 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-15 17:28 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 17:28 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 17:28 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 17:28 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 17:27 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 17:27 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 17:27 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 17:27 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 17:27 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 17:27 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 17:27 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:27 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 19:36 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 19:36 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 19:36 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 19:36 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 19:36 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 19:36 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 19:36 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 19:36 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 19:36 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 19:36 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:36 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 19:36 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:36 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 19:36 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 19:36 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 19:36 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 19:36 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 19:36 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 19:36 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 19:36 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 19:36 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 19:36 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 19:36 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 19:36 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 19:36 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 19:36 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 19:36 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 19:36 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 19:36 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 19:36 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 21:46 - 2013-11-22 20:59 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____D C:\Users\Stephan\Documents\Microsoft Hardware
2013-11-10 13:46 - 2013-11-10 13:46 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-11-10 13:45 - 2013-11-10 13:46 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-11-10 13:44 - 2013-11-10 13:44 - 50249936 _____ (Microsoft Corporation) C:\Users\Stephan\Downloads\MouseKeyboardCenterx64_DEU_2.3.145.exe
2013-11-07 17:08 - 2013-11-07 17:08 - 00000000 ____D C:\Users\Stephan\Documents\BioWare
2013-11-07 17:07 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-07 15:43 - 2013-11-07 15:44 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2013-11-06 18:21 - 2013-11-06 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-04 21:17 - 2013-11-04 21:17 - 00000221 _____ C:\Users\Stephan\Desktop\Mass Effect 2.url
2013-11-01 14:00 - 2013-11-01 14:00 - 05309784 _____ (NVIDIA Corporation) C:\Users\Stephan\Downloads\NVIDIA_3DTV_Play_Activation_Utility.exe
2013-10-31 22:02 - 2013-10-31 22:03 - 02449112 _____ C:\Users\Stephan\Downloads\light normal walls 50pct opacity.zip
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Downloads\sv_consistency Safe - Normal Translucent Walls 90 opacity
2013-10-31 21:45 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Desktop\materials original
2013-10-31 20:43 - 2013-10-31 20:43 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-10-31 20:43 - 2013-10-31 20:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 20:39 - 2013-10-31 20:39 - 00868848 _____ C:\Windows\system32\Drivers\sptd.sys
2013-10-31 20:39 - 2013-10-31 20:39 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-10-29 18:07 - 2013-11-23 11:59 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2013-10-29 15:22 - 2013-11-21 20:04 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-29 15:22 - 2013-10-29 15:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\PunkBuster
2013-10-29 15:16 - 2013-10-29 15:21 - 273827152 _____ (Ubisoft) C:\Users\Stephan\Downloads\farcry3_1.05.exe
2013-10-29 15:16 - 2013-10-29 15:21 - 231404576 _____ (Ubisoft) C:\Users\Stephan\Downloads\FarCry3_mp_dlc.exe
2013-10-29 15:08 - 2013-11-21 20:04 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-29 15:08 - 2013-11-11 19:23 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-29 15:08 - 2013-10-29 15:08 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro Last Light.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro 2033.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000219 _____ C:\Users\Stephan\Desktop\Counter-Strike Source.url
2013-10-29 11:46 - 2013-10-29 11:46 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 02:56 - 2013-10-29 15:42 - 00000000 ____D C:\Users\Stephan\AppData\Local\Ubisoft Game Launcher
2013-10-29 02:56 - 2013-10-29 14:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-29 02:56 - 2013-10-29 02:56 - 00001201 _____ C:\Users\Stephan\Desktop\Uplay.lnk
2013-10-29 02:56 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-29 02:55 - 2013-10-29 02:55 - 61557616 _____ (Ubisoft) C:\Users\Stephan\Downloads\UplayInstaller.exe
2013-10-29 02:39 - 2013-11-23 11:59 - 00000000 ____D C:\Fraps
2013-10-29 02:39 - 2013-10-29 02:39 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Stephan\Downloads\setup.exe
2013-10-28 20:37 - 2013-10-28 20:37 - 00001038 _____ C:\Users\Public\Desktop\Crysis 3.lnk
2013-10-28 11:28 - 2013-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-28 11:15 - 2013-10-31 19:16 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-10-28 11:15 - 2013-10-29 02:17 - 00000000 ____D C:\ProgramData\Origin
2013-10-28 11:15 - 2013-10-29 02:17 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-28 11:15 - 2013-10-28 11:28 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-10-28 11:15 - 2013-10-28 11:15 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-10-28 11:14 - 2013-11-21 19:45 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-28 11:14 - 2013-10-28 11:14 - 16957136 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-10-28 11:14 - 2013-10-28 11:14 - 00000032 _____ C:\Windows\setup.log
2013-10-28 11:13 - 2013-10-29 02:46 - 00000052 _____ C:\Users\Stephan\Desktop\Neues Textdokument.txt
2013-10-27 22:42 - 2013-10-27 22:42 - 00000948 _____ C:\Users\Stephan\Desktop\Core Temp.lnk
2013-10-27 22:42 - 2013-10-27 22:42 - 00000000 ____D C:\ProgramData\APN
2013-10-27 22:41 - 2013-10-27 22:41 - 00614816 _____ C:\Users\Stephan\Downloads\Core Temp - CHIP-Downloader.exe
2013-10-27 22:40 - 2013-11-06 18:38 - 00007605 _____ C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2013-10-27 22:40 - 2013-11-06 18:38 - 00000626 _____ C:\Users\Stephan\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-10-27 22:39 - 2013-10-27 22:39 - 00206065 _____ C:\Users\Stephan\Downloads\All_CPU47_Meter.zip
2013-10-27 22:15 - 2013-11-18 18:06 - 00000000 ____D C:\Users\Stephan\Documents\4A Games
2013-10-27 22:09 - 2013-11-01 21:08 - 00000000 ____D C:\Users\Stephan\AppData\Local\4A Games
2013-10-27 22:03 - 2013-10-27 22:03 - 01984121 _____ C:\Users\Stephan\Downloads\cpu-z-167.zip
2013-10-27 21:55 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-10-27 21:54 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-10-27 21:54 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-10-27 21:54 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-10-27 21:54 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-10-27 21:54 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-10-27 21:54 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-10-27 21:54 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-10-27 21:54 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-10-27 21:54 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-10-27 21:54 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-10-27 21:54 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-10-27 21:54 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-10-27 21:54 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-10-27 21:54 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-10-27 21:54 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-10-27 21:54 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-10-27 21:54 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-10-27 21:54 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-10-27 21:54 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-10-27 21:54 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-10-27 21:54 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-10-27 21:54 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-10-27 21:54 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-10-27 21:54 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-10-27 21:54 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-10-27 21:54 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-10-27 21:54 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-10-27 21:54 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-10-27 21:54 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-10-27 21:54 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-10-27 21:54 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-10-27 21:54 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-10-27 21:54 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-10-27 21:54 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-10-27 21:54 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-10-27 21:54 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-10-27 21:54 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-10-27 21:54 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-10-27 21:54 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-10-27 21:54 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-10-27 21:54 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-10-27 21:54 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-10-27 21:54 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-10-27 21:54 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-10-27 21:54 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-10-27 21:54 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-10-27 21:54 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-10-27 21:54 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-10-27 21:54 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-10-27 21:54 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-10-27 21:54 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-10-27 21:54 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-10-27 21:54 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-10-27 21:54 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-10-27 21:53 - 2013-10-27 21:53 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-27 18:40 - 2013-10-27 18:52 - 314609573 _____ C:\Users\Stephan\Downloads\fear_update_de_100-107_108.zip
2013-10-27 18:37 - 2013-10-27 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-27 18:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-10-27 18:29 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-10-27 18:28 - 2013-10-27 18:28 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2013-10-27 18:25 - 2013-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-10-27 15:17 - 2013-10-27 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Amazon
2013-10-27 15:13 - 2013-10-27 15:13 - 02328864 _____ C:\Users\Stephan\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\Documents\Amazon MP3
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-27 15:08 - 2013-10-27 15:08 - 00000000 ____D C:\ProgramData\Overwolf
==================== One Month Modified Files and Folders =======
2013-11-23 12:56 - 2013-11-23 12:56 - 00007484 _____ C:\Users\Stephan\Downloads\FRST.txt
2013-11-23 12:56 - 2013-11-23 12:56 - 00000000 ____D C:\FRST
2013-11-23 12:55 - 2013-11-23 12:55 - 01957916 _____ (Farbar) C:\Users\Stephan\Downloads\FRST64.exe
2013-11-23 12:42 - 2013-09-27 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-23 12:40 - 2013-10-15 19:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-23 12:18 - 2013-11-23 12:13 - 00111720 _____ C:\Users\Stephan\Downloads\OTL.Txt
2013-11-23 12:18 - 2013-11-23 12:13 - 00061092 _____ C:\Users\Stephan\Downloads\Extras.Txt
2013-11-23 12:08 - 2013-11-23 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Downloads\OTL.exe
2013-11-23 12:04 - 2013-09-27 16:44 - 01276606 _____ C:\Windows\WindowsUpdate.log
2013-11-23 12:04 - 2009-07-14 18:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-23 12:04 - 2009-07-14 18:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-23 12:04 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 12:03 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-23 12:03 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-23 11:59 - 2013-10-29 18:07 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2013-11-23 11:59 - 2013-10-29 02:39 - 00000000 ____D C:\Fraps
2013-11-23 11:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-23 11:58 - 2009-07-14 05:51 - 00034861 _____ C:\Windows\setupact.log
2013-11-22 20:59 - 2013-11-10 21:46 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-11-22 20:51 - 2013-11-22 20:51 - 00000370 _____ C:\DelFix.txt
2013-11-22 20:44 - 2013-11-22 20:44 - 00010691 _____ C:\Users\Stephan\Desktop\Neues Textdokument (2).txt
2013-11-22 20:41 - 2013-11-22 20:40 - 00000000 ____D C:\AdwCleaner
2013-11-22 20:27 - 2013-09-28 13:34 - 00026748 _____ C:\Windows\PFRO.log
2013-11-21 20:04 - 2013-10-29 15:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-21 20:04 - 2013-10-29 15:08 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-21 19:45 - 2013-10-28 11:14 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-19 19:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-18 18:06 - 2013-10-27 22:15 - 00000000 ____D C:\Users\Stephan\Documents\4A Games
2013-11-18 17:57 - 2013-09-27 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 20:11 - 2013-09-27 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 19:50 - 2013-10-12 12:07 - 00000000 ____D C:\Users\Stephan\Documents\My Games
2013-11-11 19:23 - 2013-10-29 15:08 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 19:58 - 2013-10-12 11:55 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-11-10 19:58 - 2013-09-28 16:20 - 00058408 _____ C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 19:21 - 2009-07-14 05:45 - 00276584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____D C:\Users\Stephan\Documents\Microsoft Hardware
2013-11-10 13:46 - 2013-11-10 13:46 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-11-10 13:46 - 2013-11-10 13:45 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-11-10 13:44 - 2013-11-10 13:44 - 50249936 _____ (Microsoft Corporation) C:\Users\Stephan\Downloads\MouseKeyboardCenterx64_DEU_2.3.145.exe
2013-11-07 17:08 - 2013-11-07 17:08 - 00000000 ____D C:\Users\Stephan\Documents\BioWare
2013-11-07 17:07 - 2013-10-12 11:40 - 00143407 _____ C:\Windows\DirectX.log
2013-11-07 15:44 - 2013-11-07 15:43 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2013-11-06 18:38 - 2013-10-27 22:40 - 00007605 _____ C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2013-11-06 18:38 - 2013-10-27 22:40 - 00000626 _____ C:\Users\Stephan\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-11-06 18:21 - 2013-11-06 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-04 21:17 - 2013-11-04 21:17 - 00000221 _____ C:\Users\Stephan\Desktop\Mass Effect 2.url
2013-11-02 13:15 - 2013-09-27 17:31 - 00000000 ____D C:\ProgramData\Ralink
2013-11-01 22:03 - 2013-09-27 17:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-01 21:08 - 2013-10-27 22:09 - 00000000 ____D C:\Users\Stephan\AppData\Local\4A Games
2013-11-01 18:38 - 2013-09-27 17:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-01 14:01 - 2013-09-27 17:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-01 14:00 - 2013-11-01 14:00 - 05309784 _____ (NVIDIA Corporation) C:\Users\Stephan\Downloads\NVIDIA_3DTV_Play_Activation_Utility.exe
2013-11-01 12:29 - 2013-09-27 17:31 - 00008075 _____ C:\Windows\system32\RaCoInst.log
2013-10-31 22:03 - 2013-10-31 22:02 - 02449112 _____ C:\Users\Stephan\Downloads\light normal walls 50pct opacity.zip
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Downloads\sv_consistency Safe - Normal Translucent Walls 90 opacity
2013-10-31 22:00 - 2013-10-31 21:45 - 00000000 ____D C:\Users\Stephan\Desktop\materials original
2013-10-31 20:43 - 2013-10-31 20:43 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-10-31 20:43 - 2013-10-31 20:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 20:39 - 2013-10-31 20:39 - 00868848 _____ C:\Windows\system32\Drivers\sptd.sys
2013-10-31 20:39 - 2013-10-31 20:39 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-10-31 19:16 - 2013-10-28 11:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-10-31 18:24 - 2013-10-12 12:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-10-29 15:42 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Local\Ubisoft Game Launcher
2013-10-29 15:22 - 2013-10-29 15:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\PunkBuster
2013-10-29 15:21 - 2013-10-29 15:16 - 273827152 _____ (Ubisoft) C:\Users\Stephan\Downloads\farcry3_1.05.exe
2013-10-29 15:21 - 2013-10-29 15:16 - 231404576 _____ (Ubisoft) C:\Users\Stephan\Downloads\FarCry3_mp_dlc.exe
2013-10-29 15:08 - 2013-10-29 15:08 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-29 14:57 - 2013-10-29 02:56 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-29 14:57 - 2013-09-27 17:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro Last Light.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro 2033.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000219 _____ C:\Users\Stephan\Desktop\Counter-Strike Source.url
2013-10-29 11:46 - 2013-10-29 11:46 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 02:56 - 2013-10-29 02:56 - 00001201 _____ C:\Users\Stephan\Desktop\Uplay.lnk
2013-10-29 02:56 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-29 02:55 - 2013-10-29 02:55 - 61557616 _____ (Ubisoft) C:\Users\Stephan\Downloads\UplayInstaller.exe
2013-10-29 02:46 - 2013-10-28 11:13 - 00000052 _____ C:\Users\Stephan\Desktop\Neues Textdokument.txt
2013-10-29 02:39 - 2013-10-29 02:39 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Stephan\Downloads\setup.exe
2013-10-29 02:17 - 2013-10-28 11:15 - 00000000 ____D C:\ProgramData\Origin
2013-10-29 02:17 - 2013-10-28 11:15 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-28 20:37 - 2013-10-28 20:37 - 00001038 _____ C:\Users\Public\Desktop\Crysis 3.lnk
2013-10-28 11:29 - 2013-10-28 11:28 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-28 11:28 - 2013-10-28 11:15 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-10-28 11:15 - 2013-10-28 11:15 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-10-28 11:14 - 2013-10-28 11:14 - 16957136 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-10-28 11:14 - 2013-10-28 11:14 - 00000032 _____ C:\Windows\setup.log
2013-10-28 11:14 - 2013-10-12 11:42 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-27 23:36 - 2013-10-20 11:01 - 00000000 ____D C:\Users\Stephan\AppData\Local\PMB Files
2013-10-27 22:42 - 2013-10-27 22:42 - 00000948 _____ C:\Users\Stephan\Desktop\Core Temp.lnk
2013-10-27 22:42 - 2013-10-27 22:42 - 00000000 ____D C:\ProgramData\APN
2013-10-27 22:41 - 2013-10-27 22:41 - 00614816 _____ C:\Users\Stephan\Downloads\Core Temp - CHIP-Downloader.exe
2013-10-27 22:39 - 2013-10-27 22:39 - 00206065 _____ C:\Users\Stephan\Downloads\All_CPU47_Meter.zip
2013-10-27 22:03 - 2013-10-27 22:03 - 01984121 _____ C:\Users\Stephan\Downloads\cpu-z-167.zip
2013-10-27 22:03 - 2013-10-17 18:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\Overwolf
2013-10-27 21:53 - 2013-10-27 21:53 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-27 19:57 - 2013-10-19 10:32 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\NVIDIA
2013-10-27 18:52 - 2013-10-27 18:40 - 314609573 _____ C:\Users\Stephan\Downloads\fear_update_de_100-107_108.zip
2013-10-27 18:37 - 2013-10-27 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-27 18:28 - 2013-10-27 18:28 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2013-10-27 18:25 - 2013-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-10-27 18:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-10-27 15:17 - 2013-10-27 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Amazon
2013-10-27 15:13 - 2013-10-27 15:13 - 02328864 _____ C:\Users\Stephan\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\Documents\Amazon MP3
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-27 15:12 - 2013-10-20 11:01 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-27 15:08 - 2013-10-27 15:08 - 00000000 ____D C:\ProgramData\Overwolf
Some content of TEMP:
====================
C:\Users\Stephan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Stephan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Stephan\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Stephan\AppData\Local\Temp\nvStInst.exe
C:\Users\Stephan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stephan\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Stephan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Stephan\AppData\Local\Temp\sfextra.dll
C:\Users\Stephan\AppData\Local\Temp\swt-win32-3740.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 17:29
==================== End Of Log ============================
--- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013
Ran by Stephan at 2013-11-23 12:56:50
Running from C:\Users\Stephan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Core Temp 1.0 RC6 (Version: 1.0)
Counter-Strike: Source (x32)
Crysis WARHEAD(R) (x32 Version: 1.0)
Crysis WARHEAD(R) (x32)
Crysis®3 (x32 Version: 1.0.0.0)
Extended Update (HKCU)
Far Cry 3 (x32 Version: 1.05)
FEAR (x32 Version: 1.00.0000)
Fraps (x32)
Google Update Helper (x32 Version: 1.3.23.0)
Hama Wireless LAN Adapter (x32 Version: 10.6.0)
League of Legends (x32 Version: 1.3)
Mass Effect 2 (x32)
Metro 2033 (x32)
Metro: Last Light (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.145.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
Need for Speed: SHIFT (x32)
No More Room in Hell (x32)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Origin (x32 Version: 9.3.10.4710)
Pando Media Booster (x32 Version: 2.6.0.9)
PunkBuster Services (x32 Version: 0.993)
SHIELD Streaming (Version: 1.05.28)
Skype™ 6.9 (x32 Version: 6.9.106)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
The Elder Scrolls V: Skyrim (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Uplay (x32 Version: 4.0)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
==================== Restore Points =========================
10-11-2013 12:45:41 DCInstallRestorePoint
15-11-2013 16:25:54 Windows Update
22-11-2013 19:59:08 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0ED8B41D-017F-4D14-BA03-926238CE8E87} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {374393B2-1605-499F-9C1E-27E123B53737} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {517B9211-BDFE-499E-B9A5-398BCC8373F4} - \UpdaterEX No Task File
Task: {63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} - \EPUpdater No Task File
Task: {6FF5B46E-CD02-434B-AD0B-19BA762EFC50} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {816AA33C-D0F7-471F-8CC7-9E3CCAA5F2BC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {8D96D5DE-0E85-4E5E-83F3-A1B948690467} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-09-04] (Microsoft)
Task: {8E3CEADA-C7B5-457B-B64E-00D5563A9560} - System32\Tasks\{1F137FD5-92D6-4E08-BBC6-F74C5196FEEB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {94F9B013-8FB9-49C5-88F9-D853FA2C0919} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {D312B760-2B86-4E94-8113-5D77B4069FE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15] (Adobe Systems Incorporated)
Task: {FDD34B0E-DD5B-4023-A4B8-CF015F8F1A2A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-10-27 22:39 - 2013-10-27 22:39 - 00012520 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\CoreTempReader.dll
2013-10-27 22:39 - 2013-10-27 22:39 - 00015080 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\GetCoreTempInfoNET.dll
2013-10-27 22:39 - 2013-10-27 22:39 - 00014056 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\SystemInfo.dll
2013-09-27 17:55 - 2013-09-27 17:55 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 17:00 - 2013-01-16 17:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 17:00 - 2013-01-16 17:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 20:04 - 2011-04-30 20:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2013-09-27 17:31 - 2010-06-14 13:38 - 00984416 _____ () C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
2013-09-27 17:38 - 2013-11-17 20:11 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-15 19:50 - 2013-10-15 19:50 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2013-08-21 13:18 - 2013-10-24 18:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-09-21 09:35 - 2013-10-30 20:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 13:20 - 2013-10-23 21:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:966F7784
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/12/2013 10:17:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (11/10/2013 08:39:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1, Zeitstempel: 0x51226a2f
Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1, Zeitstempel: 0x512269ef
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00626115
ID des fehlerhaften Prozesses: 0x12b4
Startzeit der fehlerhaften Anwendung: 0xfarcry3_d3d11.exe0
Pfad der fehlerhaften Anwendung: farcry3_d3d11.exe1
Pfad des fehlerhaften Moduls: farcry3_d3d11.exe2
Berichtskennung: farcry3_d3d11.exe3
Error: (11/10/2013 02:19:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1, Zeitstempel: 0x51226a2f
Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1, Zeitstempel: 0x512269ef
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00626115
ID des fehlerhaften Prozesses: 0x1384
Startzeit der fehlerhaften Anwendung: 0xfarcry3_d3d11.exe0
Pfad der fehlerhaften Anwendung: farcry3_d3d11.exe1
Pfad des fehlerhaften Moduls: farcry3_d3d11.exe2
Berichtskennung: farcry3_d3d11.exe3
Error: (11/10/2013 02:14:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1, Zeitstempel: 0x51226a2f
Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1, Zeitstempel: 0x512269ef
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00626115
ID des fehlerhaften Prozesses: 0xc7c
Startzeit der fehlerhaften Anwendung: 0xfarcry3_d3d11.exe0
Pfad der fehlerhaften Anwendung: farcry3_d3d11.exe1
Pfad des fehlerhaften Moduls: farcry3_d3d11.exe2
Berichtskennung: farcry3_d3d11.exe3
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (11/06/2013 09:59:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1, Zeitstempel: 0x51226a2f
Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1, Zeitstempel: 0x512269ef
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0117e8b3
ID des fehlerhaften Prozesses: 0x1044
Startzeit der fehlerhaften Anwendung: 0xfarcry3_d3d11.exe0
Pfad der fehlerhaften Anwendung: farcry3_d3d11.exe1
Pfad des fehlerhaften Moduls: farcry3_d3d11.exe2
Berichtskennung: farcry3_d3d11.exe3
Error: (11/03/2013 04:36:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xc08
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (11/03/2013 04:36:11 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
System errors:
=============
Error: (11/22/2013 08:01:36 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/22/2013 08:01:34 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "BitGuard" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (11/22/2013 08:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BitGuard" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/06/2013 06:31:19 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (11/01/2013 02:01:33 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000003 00000080 00000000 00000005 0000000b
Error: (11/01/2013 02:01:33 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000003 00000080 00000000 00000005 0000000b
Error: (11/01/2013 02:01:33 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000003 00000080 00000000 00000005 0000000b
Error: (11/01/2013 02:01:33 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000003 00000080 00000000 00000005 0000000b
Error: (10/31/2013 04:47:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/31/2013 04:47:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Microsoft Office Sessions:
=========================
Error: (11/12/2013 10:17:06 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487d6c01cedfec7abbc4b7C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec82bd713-4bdf-11e3-866f-f2a8e886be9e
Error: (11/10/2013 08:39:10 PM) (Source: Application Error)(User: )
Description: farcry3_d3d11.exe0.1.0.151226a2fFC3_d3d11.dll0.1.0.1512269efc00000050062611512b401cede43c853baaeC:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exeC:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dllc48f845a-4a3f-11e3-872a-ad0a88d29bed
Error: (11/10/2013 02:19:15 PM) (Source: Application Error)(User: )
Description: farcry3_d3d11.exe0.1.0.151226a2fFC3_d3d11.dll0.1.0.1512269efc000000500626115138401cede16fa62e90fC:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exeC:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dllb1983d97-4a0a-11e3-856b-f9538567f990
Error: (11/10/2013 02:14:25 PM) (Source: Application Error)(User: )
Description: farcry3_d3d11.exe0.1.0.151226a2fFC3_d3d11.dll0.1.0.1512269efc000000500626115c7c01cede1418308789C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exeC:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll04bbf8b9-4a0a-11e3-856b-f9538567f990
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (11/09/2013 03:20:28 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (11/06/2013 09:59:00 PM) (Source: Application Error)(User: )
Description: farcry3_d3d11.exe0.1.0.151226a2fFC3_d3d11.dll0.1.0.1512269efc00000050117e8b3104401cedb17009714feC:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exeC:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll421bd82b-4726-11e3-a187-8338197e2595
Error: (11/03/2013 04:36:58 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487c0801ced8aa7c5855d2C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec5ef0d97-449d-11e3-b903-d0a79d53b196
Error: (11/03/2013 04:36:11 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 8168.95 MB
Available physical RAM: 5797.32 MB
Total Pagefile: 16336.07 MB
Available Pagefile: 13427.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:596.07 GB) (Free:423.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: F4A7822C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.11.2013, 13:07
| #4 | |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Servus, Zitat:
Dann kann es losgehen.  |
|
23.11.2013, 13:27
| #5 |
| | bProspector - wie richtig entfernen? Alles klar. Habe nach Ende des Suchlaufes drei Viren in Quarantäne verschoben. Hier der Log von Avira Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 23. November 2013 12:39
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : STEPHANS-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.4052 55009 Bytes 29.08.2013 17:56:00
AVSCAN.EXE : 13.6.20.2100 639032 Bytes 27.09.2013 16:54:44
AVSCANRC.DLL : 13.6.20.2174 63032 Bytes 27.09.2013 16:54:44
LUKE.DLL : 13.6.20.2174 65080 Bytes 27.09.2013 16:54:54
AVSCPLR.DLL : 13.6.20.2174 92216 Bytes 27.09.2013 16:54:44
AVREG.DLL : 13.6.20.2174 250424 Bytes 27.09.2013 16:54:43
avlode.dll : 13.6.20.2174 497720 Bytes 27.09.2013 16:54:43
avlode.rdf : 13.0.1.48 27867 Bytes 14.11.2013 18:29:38
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:54:20
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 16:54:22
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 16:54:23
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:54:24
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 16:54:26
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 16:54:30
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 16:54:32
VBASE007.VDF : 7.11.111.18 3598336 Bytes 06.11.2013 15:19:10
VBASE008.VDF : 7.11.111.19 2048 Bytes 06.11.2013 15:19:10
VBASE009.VDF : 7.11.111.20 2048 Bytes 06.11.2013 15:19:11
VBASE010.VDF : 7.11.111.21 2048 Bytes 06.11.2013 15:19:11
VBASE011.VDF : 7.11.111.22 2048 Bytes 06.11.2013 15:19:11
VBASE012.VDF : 7.11.111.23 2048 Bytes 06.11.2013 15:19:11
VBASE013.VDF : 7.11.111.150 168448 Bytes 07.11.2013 14:31:16
VBASE014.VDF : 7.11.112.47 247808 Bytes 08.11.2013 11:45:23
VBASE015.VDF : 7.11.112.139 323584 Bytes 11.11.2013 18:19:03
VBASE016.VDF : 7.11.113.39 221696 Bytes 13.11.2013 18:29:33
VBASE017.VDF : 7.11.113.149 246272 Bytes 15.11.2013 16:23:06
VBASE018.VDF : 7.11.113.243 220160 Bytes 17.11.2013 19:08:38
VBASE019.VDF : 7.11.114.89 262144 Bytes 19.11.2013 17:22:10
VBASE020.VDF : 7.11.114.157 190976 Bytes 20.11.2013 16:10:37
VBASE021.VDF : 7.11.114.229 136192 Bytes 21.11.2013 17:15:30
VBASE022.VDF : 7.11.114.230 2048 Bytes 21.11.2013 17:15:30
VBASE023.VDF : 7.11.114.231 2048 Bytes 21.11.2013 17:15:30
VBASE024.VDF : 7.11.114.232 2048 Bytes 21.11.2013 17:15:30
VBASE025.VDF : 7.11.114.233 2048 Bytes 21.11.2013 17:15:30
VBASE026.VDF : 7.11.114.234 2048 Bytes 21.11.2013 17:15:31
VBASE027.VDF : 7.11.114.235 2048 Bytes 21.11.2013 17:15:31
VBASE028.VDF : 7.11.114.236 2048 Bytes 21.11.2013 17:15:31
VBASE029.VDF : 7.11.114.237 2048 Bytes 21.11.2013 17:15:31
VBASE030.VDF : 7.11.114.238 2048 Bytes 21.11.2013 17:15:31
VBASE031.VDF : 7.11.115.34 269824 Bytes 22.11.2013 18:36:53
Engineversion : 8.2.12.150
AEVDF.DLL : 8.1.3.4 102774 Bytes 27.09.2013 16:54:36
AESCRIPT.DLL : 8.1.4.170 516478 Bytes 22.11.2013 12:37:16
AESCN.DLL : 8.1.10.4 131446 Bytes 27.09.2013 16:54:35
AESBX.DLL : 8.2.16.26 1245560 Bytes 27.09.2013 16:54:36
AERDL.DLL : 8.2.0.128 688504 Bytes 27.09.2013 16:54:35
AEPACK.DLL : 8.3.3.4 758136 Bytes 16.10.2013 14:14:14
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 27.09.2013 16:54:35
AEHEUR.DLL : 8.1.4.774 6263162 Bytes 22.11.2013 12:37:15
AEHELP.DLL : 8.1.27.10 266618 Bytes 22.11.2013 12:36:57
AEGEN.DLL : 8.1.7.20 446839 Bytes 14.11.2013 18:29:36
AEEXP.DLL : 8.4.1.114 381304 Bytes 22.11.2013 12:37:17
AEEMU.DLL : 8.1.3.2 393587 Bytes 27.09.2013 16:54:33
AECORE.DLL : 8.1.32.2 201081 Bytes 08.11.2013 15:45:32
AEBB.DLL : 8.1.1.4 53619 Bytes 27.09.2013 16:54:33
AVWINLL.DLL : 13.6.20.2174 23608 Bytes 27.09.2013 16:53:41
AVPREF.DLL : 13.6.20.2174 48184 Bytes 27.09.2013 16:54:43
AVREP.DLL : 13.6.20.2174 175672 Bytes 27.09.2013 16:54:44
AVARKT.DLL : 13.6.20.2174 258104 Bytes 27.09.2013 16:54:40
AVEVTLOG.DLL : 13.6.20.2174 165432 Bytes 27.09.2013 16:54:41
SQLITE3.DLL : 3.7.0.1 394824 Bytes 27.09.2013 16:55:00
AVSMTP.DLL : 13.6.20.2174 60472 Bytes 27.09.2013 16:54:44
NETNT.DLL : 13.6.20.2174 13368 Bytes 27.09.2013 16:54:56
RCIMAGE.DLL : 13.6.20.2174 4786744 Bytes 27.09.2013 16:53:41
RCTEXT.DLL : 13.6.20.2174 68152 Bytes 27.09.2013 16:53:41
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 23. November 2013 12:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaRegistry.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaRegistry64.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvstreamsvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'fraps.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSIAfterburner.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvTmru.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'fraps64.dat' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_9_900_117.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_9_900_117.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'hl2.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'GameOverlayUI.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1695' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\AdwCleaner\Quarantine\C\Users\Stephan\AppData\Roaming\file scout\filescout.exe.vir
[FUND] Ist das Trojanische Pferd TR/Sefnit.BO
[0] Archivtyp: RSRC
--> C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ODBF8E2\pack[1].7z
[1] Archivtyp: 7-Zip
--> protector.dll
[FUND] Enthält Erkennungsmuster der Adware ADWARE/BHO.Bprotector.1.4
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ODBF8E2\pack[1].7z
[FUND] Enthält Erkennungsmuster der Adware ADWARE/BHO.Bprotector.1.4
C:\Users\Stephan\AppData\Local\Temp\setup_fsu_cid.exe
[FUND] Ist das Trojanische Pferd TR/Sefnit.AW.1
Beginne mit der Desinfektion:
C:\Users\Stephan\AppData\Local\Temp\setup_fsu_cid.exe
[FUND] Ist das Trojanische Pferd TR/Sefnit.AW.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b1b31d1.qua' verschoben!
C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ODBF8E2\pack[1].7z
[FUND] Enthält Erkennungsmuster der Adware ADWARE/BHO.Bprotector.1.4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '427b1e72.qua' verschoben!
C:\AdwCleaner\Quarantine\C\Users\Stephan\AppData\Roaming\file scout\filescout.exe.vir
[FUND] Ist das Trojanische Pferd TR/Sefnit.BO
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '102b4492.qua' verschoben!
Ende des Suchlaufs: Samstag, 23. November 2013 13:26
Benötigte Zeit: 43:23 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
39974 Verzeichnisse wurden überprüft
680689 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
680685 Dateien ohne Befall
5097 Archive wurden durchsucht
1 Warnungen
4 Hinweise
722066 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
|
|
23.11.2013, 13:35
| #6 |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Servus, Schritt 1 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Bitte poste mit deiner nächsten Antwort
|
|
23.11.2013, 14:07
| #7 |
| | bProspector - wie richtig entfernen? Hier die Logfiles: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Stephan on 23.11.2013 at 13:38:59,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-354402506-3592774248-4125264042-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\el4enbqt.default\extensions\staged
Emptied folder: C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\el4enbqt.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2013 at 13:41:40,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.23.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Stephan :: STEPHANS-PC [Administrator] Schutz: Aktiviert 23.11.2013 13:44:27 mbam-log-2013-11-23 (13-44-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206102 Laufzeit: 2 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Stephan\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 26 C:\Users\Stephan\AppData\Local\Temp\5F02.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E0EC.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\F0ED.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus1351\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus222F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus80D2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus88AF\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus88CE\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus8D60\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus8EC7\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\bus9CEA\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\busA360\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\busA514\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\E483AFC4-BAB0-7891-A984-E98F659B2FAF\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\is1275519350\3079270_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\is1275519350\3079327_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\AppData\Local\Temp\is1275519350\3079349_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\Downloads\Core Temp - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephan\Downloads\Firefox_Setup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Stephan on 23.11.2013 at 13:56:11,47.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Stephan\Desktop\zoek.scr [Script inserted]
==== System Restore Info ======================
23.11.2013 13:57:00 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.de");
Added to C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Stephan\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\Stephan\AppData\Local\BIT48C2.tmp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Delta deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\Stephan\AppData\Local\{218FF33E-BCBE-4822-8F3D-BF376C3D5EF8}" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net
- GFACE Experience Plugin - %ProfilePath%\extensions\cryenginebrowserplugin@crytek.com
- WebSparkle - %ProfilePath%\extensions\firefox@websparkle.biz
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default
83B4A7AA7A73FB4322FBAA2BCE96F499 - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\extensions\cryenginebrowserplugin@crytek.com\plugins\npcry39.dll - GFACE Plugin
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
E09A55AB513C4D5145F1C318ED024747 - C:\Users\Stephan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll - AmazonMP3DownloaderPlugin
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart PC Cleaner deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Stephan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\el4enbqt.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Stephan\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 23.11.2013 at 14:04:29,22 ======================
|
|
23.11.2013, 19:08
| #8 |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Servus, Wir spüren die letzten Reste auf, damit wir sie später entfernen können: Schritt 1 Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden wieder zwei Logdateien erzeugt. Poste mir diese. Schritt 2 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Gibt es noch Probleme mit Malware? Wenn ja, welche? Wie läuft der Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
|
24.11.2013, 11:15
| #9 |
| | bProspector - wie richtig entfernen? FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Stephan (administrator) on STEPHANS-PC on 24-11-2013 11:10:15
Running from C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NOKXSV7
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKCU\...\Run: [AlcoholAutomount] - "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MountPoints2: {a7a7ca1d-278a-11e3-9c9a-806e6f6e6963} - D:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-27] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: [ ] ()
==================== Internet (Whitelisted) ====================
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Stephan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\adblockpopups@jessehakanen.net
FF Extension: GFACE Experience Plugin - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: WebSparkle - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\firefox@websparkle.biz
FF Extension: Adblock Plus - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: adblockpopups - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: noscript - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-27] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-27] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-10-31] ()
U3 aen248ie; C:\Windows\System32\Drivers\aen248ie.sys [0 ] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-24 11:10 - 2013-11-24 11:10 - 00165376 _____ C:\Users\Stephan\Downloads\SystemLook_x64.exe
2013-11-24 11:04 - 2013-11-24 11:04 - 105937674 _____ C:\Windows\SysWOW64\뫹缉V
2013-11-23 15:13 - 2013-11-23 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Local\Skyrim
2013-11-23 14:04 - 2013-11-23 14:04 - 00007327 _____ C:\Users\Stephan\Desktop\zoek.txt
2013-11-23 14:02 - 2013-10-18 01:11 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-11-23 13:56 - 2013-11-23 14:04 - 00007327 _____ C:\zoek-results.log
2013-11-23 13:56 - 2013-11-23 14:01 - 00000000 ____D C:\zoek_backup
2013-11-23 13:55 - 2013-11-23 13:55 - 04182609 _____ C:\Users\Stephan\Downloads\zoek.rar
2013-11-23 13:50 - 2013-11-23 13:50 - 00005236 _____ C:\Users\Stephan\Desktop\mwb.txt
2013-11-23 13:43 - 2013-11-23 13:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stephan\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-23 13:43 - 2013-11-23 13:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 13:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 13:41 - 2013-11-23 13:41 - 00001246 _____ C:\Users\Stephan\Desktop\JRT.txt
2013-11-23 13:38 - 2013-11-23 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 13:37 - 2013-11-23 13:37 - 01034531 _____ (Thisisu) C:\Users\Stephan\Downloads\JRT.exe
2013-11-23 12:56 - 2013-11-23 12:59 - 00055890 _____ C:\Users\Stephan\Downloads\FRST.txt
2013-11-23 12:56 - 2013-11-23 12:59 - 00019826 _____ C:\Users\Stephan\Downloads\Addition.txt
2013-11-23 12:56 - 2013-11-23 12:56 - 00000000 ____D C:\FRST
2013-11-23 12:13 - 2013-11-23 12:18 - 00111720 _____ C:\Users\Stephan\Downloads\OTL.Txt
2013-11-23 12:13 - 2013-11-23 12:18 - 00061092 _____ C:\Users\Stephan\Downloads\Extras.Txt
2013-11-23 12:07 - 2013-11-23 12:08 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Downloads\OTL.exe
2013-11-22 20:51 - 2013-11-22 20:51 - 00000370 _____ C:\DelFix.txt
2013-11-22 20:40 - 2013-11-22 20:41 - 00000000 ____D C:\AdwCleaner
2013-11-22 20:39 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-22 20:39 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-15 17:28 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 17:28 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 17:28 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 17:28 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 17:27 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 17:27 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 17:27 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 17:27 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 17:27 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 17:27 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 17:27 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 17:27 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 17:27 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:27 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 19:36 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 19:36 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 19:36 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 19:36 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 19:36 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 19:36 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 19:36 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 19:36 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 19:36 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 19:36 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:36 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 19:36 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:36 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 19:36 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 19:36 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 19:36 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 19:36 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 19:36 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 19:36 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 19:36 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 19:36 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 19:36 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 19:36 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 19:36 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 19:36 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 19:36 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 19:36 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 19:36 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 19:36 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 19:36 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 21:46 - 2013-11-23 18:24 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____D C:\Users\Stephan\Documents\Microsoft Hardware
2013-11-10 13:46 - 2013-11-10 13:46 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-11-10 13:45 - 2013-11-10 13:46 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-11-10 13:44 - 2013-11-10 13:44 - 50249936 _____ (Microsoft Corporation) C:\Users\Stephan\Downloads\MouseKeyboardCenterx64_DEU_2.3.145.exe
2013-11-07 17:08 - 2013-11-07 17:08 - 00000000 ____D C:\Users\Stephan\Documents\BioWare
2013-11-07 17:07 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-07 17:07 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-07 15:43 - 2013-11-07 15:44 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2013-11-06 18:21 - 2013-11-06 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-04 21:17 - 2013-11-04 21:17 - 00000221 _____ C:\Users\Stephan\Desktop\Mass Effect 2.url
2013-11-01 14:00 - 2013-11-01 14:00 - 05309784 _____ (NVIDIA Corporation) C:\Users\Stephan\Downloads\NVIDIA_3DTV_Play_Activation_Utility.exe
2013-10-31 22:02 - 2013-10-31 22:03 - 02449112 _____ C:\Users\Stephan\Downloads\light normal walls 50pct opacity.zip
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Downloads\sv_consistency Safe - Normal Translucent Walls 90 opacity
2013-10-31 21:45 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Desktop\materials original
2013-10-31 20:43 - 2013-10-31 20:43 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-10-31 20:43 - 2013-10-31 20:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 20:39 - 2013-10-31 20:39 - 00868848 _____ C:\Windows\system32\Drivers\sptd.sys
2013-10-31 20:39 - 2013-10-31 20:39 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-10-29 18:07 - 2013-11-24 11:04 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2013-10-29 15:22 - 2013-11-21 20:04 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-29 15:22 - 2013-10-29 15:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\PunkBuster
2013-10-29 15:16 - 2013-10-29 15:21 - 273827152 _____ (Ubisoft) C:\Users\Stephan\Downloads\farcry3_1.05.exe
2013-10-29 15:16 - 2013-10-29 15:21 - 231404576 _____ (Ubisoft) C:\Users\Stephan\Downloads\FarCry3_mp_dlc.exe
2013-10-29 15:08 - 2013-11-21 20:04 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-29 15:08 - 2013-11-11 19:23 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-29 15:08 - 2013-10-29 15:08 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro Last Light.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro 2033.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000219 _____ C:\Users\Stephan\Desktop\Counter-Strike Source.url
2013-10-29 11:46 - 2013-10-29 11:46 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 02:56 - 2013-10-29 15:42 - 00000000 ____D C:\Users\Stephan\AppData\Local\Ubisoft Game Launcher
2013-10-29 02:56 - 2013-10-29 14:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-29 02:56 - 2013-10-29 02:56 - 00001201 _____ C:\Users\Stephan\Desktop\Uplay.lnk
2013-10-29 02:56 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-29 02:55 - 2013-10-29 02:55 - 61557616 _____ (Ubisoft) C:\Users\Stephan\Downloads\UplayInstaller.exe
2013-10-29 02:39 - 2013-11-24 11:04 - 00000000 ____D C:\Fraps
2013-10-29 02:39 - 2013-10-29 02:39 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Stephan\Downloads\setup.exe
2013-10-28 20:37 - 2013-10-28 20:37 - 00001038 _____ C:\Users\Public\Desktop\Crysis 3.lnk
2013-10-28 11:28 - 2013-10-28 11:29 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-28 11:15 - 2013-10-31 19:16 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-10-28 11:15 - 2013-10-29 02:17 - 00000000 ____D C:\ProgramData\Origin
2013-10-28 11:15 - 2013-10-29 02:17 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-28 11:15 - 2013-10-28 11:28 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-10-28 11:15 - 2013-10-28 11:15 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-10-28 11:14 - 2013-11-21 19:45 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-28 11:14 - 2013-10-28 11:14 - 16957136 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-10-28 11:14 - 2013-10-28 11:14 - 00000032 _____ C:\Windows\setup.log
2013-10-28 11:13 - 2013-10-29 02:46 - 00000052 _____ C:\Users\Stephan\Desktop\Neues Textdokument.txt
2013-10-27 22:42 - 2013-10-27 22:42 - 00000948 _____ C:\Users\Stephan\Desktop\Core Temp.lnk
2013-10-27 22:40 - 2013-11-06 18:38 - 00007605 _____ C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2013-10-27 22:39 - 2013-10-27 22:39 - 00206065 _____ C:\Users\Stephan\Downloads\All_CPU47_Meter.zip
2013-10-27 22:15 - 2013-11-18 18:06 - 00000000 ____D C:\Users\Stephan\Documents\4A Games
2013-10-27 22:09 - 2013-11-01 21:08 - 00000000 ____D C:\Users\Stephan\AppData\Local\4A Games
2013-10-27 22:03 - 2013-10-27 22:03 - 01984121 _____ C:\Users\Stephan\Downloads\cpu-z-167.zip
2013-10-27 21:55 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-27 21:55 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-27 21:55 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-10-27 21:55 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-10-27 21:55 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-10-27 21:55 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-10-27 21:55 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-10-27 21:55 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-10-27 21:55 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-27 21:55 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-10-27 21:54 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-10-27 21:54 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-10-27 21:54 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-10-27 21:54 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-10-27 21:54 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-10-27 21:54 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-10-27 21:54 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-10-27 21:54 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-10-27 21:54 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-10-27 21:54 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-10-27 21:54 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-10-27 21:54 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-10-27 21:54 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-10-27 21:54 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-10-27 21:54 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-10-27 21:54 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-10-27 21:54 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-10-27 21:54 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-10-27 21:54 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-10-27 21:54 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-10-27 21:54 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-10-27 21:54 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-10-27 21:54 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-10-27 21:54 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-10-27 21:54 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-10-27 21:54 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-10-27 21:54 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-10-27 21:54 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-10-27 21:54 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-10-27 21:54 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-10-27 21:54 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-10-27 21:54 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-10-27 21:54 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-10-27 21:54 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-10-27 21:54 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-10-27 21:54 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-10-27 21:54 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-10-27 21:54 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-10-27 21:54 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-10-27 21:54 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-10-27 21:54 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-10-27 21:54 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-10-27 21:54 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-10-27 21:54 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-10-27 21:54 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-10-27 21:54 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-10-27 21:54 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-10-27 21:54 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-10-27 21:54 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-10-27 21:54 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-10-27 21:54 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-10-27 21:54 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-10-27 21:54 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-10-27 21:54 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-10-27 21:54 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-10-27 21:54 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-10-27 21:54 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-10-27 21:54 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-10-27 21:54 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-10-27 21:54 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-10-27 21:54 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-10-27 21:54 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-10-27 21:54 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-10-27 21:54 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-10-27 21:54 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-10-27 21:54 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-10-27 21:54 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-10-27 21:54 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-10-27 21:53 - 2013-10-27 21:53 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-27 18:40 - 2013-10-27 18:52 - 314609573 _____ C:\Users\Stephan\Downloads\fear_update_de_100-107_108.zip
2013-10-27 18:37 - 2013-10-27 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-27 18:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-10-27 18:29 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-10-27 18:28 - 2013-10-27 18:28 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2013-10-27 18:25 - 2013-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-10-27 15:17 - 2013-10-27 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Amazon
2013-10-27 15:13 - 2013-10-27 15:13 - 02328864 _____ C:\Users\Stephan\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\Documents\Amazon MP3
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-27 15:08 - 2013-10-27 15:08 - 00000000 ____D C:\ProgramData\Overwolf
==================== One Month Modified Files and Folders =======
2013-11-24 11:10 - 2013-11-24 11:10 - 00165376 _____ C:\Users\Stephan\Downloads\SystemLook_x64.exe
2013-11-24 11:09 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 11:09 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 11:08 - 2013-09-27 16:44 - 01451509 _____ C:\Windows\WindowsUpdate.log
2013-11-24 11:08 - 2009-07-14 18:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-24 11:08 - 2009-07-14 18:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-24 11:08 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 11:04 - 2013-11-24 11:04 - 105937674 _____ C:\Windows\SysWOW64\뫹缉V
2013-11-24 11:04 - 2013-10-29 18:07 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2013-11-24 11:04 - 2013-10-29 02:39 - 00000000 ____D C:\Fraps
2013-11-24 11:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 11:03 - 2009-07-14 05:51 - 00035533 _____ C:\Windows\setupact.log
2013-11-23 18:24 - 2013-11-10 21:46 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-11-23 17:40 - 2013-10-15 19:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-23 17:23 - 2013-09-27 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-23 15:13 - 2013-11-23 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Local\Skyrim
2013-11-23 15:12 - 2013-10-12 11:40 - 00160996 _____ C:\Windows\DirectX.log
2013-11-23 14:04 - 2013-11-23 14:04 - 00007327 _____ C:\Users\Stephan\Desktop\zoek.txt
2013-11-23 14:04 - 2013-11-23 13:56 - 00007327 _____ C:\zoek-results.log
2013-11-23 14:03 - 2013-09-28 13:34 - 00035288 _____ C:\Windows\PFRO.log
2013-11-23 14:01 - 2013-11-23 13:56 - 00000000 ____D C:\zoek_backup
2013-11-23 13:55 - 2013-11-23 13:55 - 04182609 _____ C:\Users\Stephan\Downloads\zoek.rar
2013-11-23 13:50 - 2013-11-23 13:50 - 00005236 _____ C:\Users\Stephan\Desktop\mwb.txt
2013-11-23 13:43 - 2013-11-23 13:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stephan\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-23 13:43 - 2013-11-23 13:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Malwarebytes
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 13:41 - 2013-11-23 13:41 - 00001246 _____ C:\Users\Stephan\Desktop\JRT.txt
2013-11-23 13:38 - 2013-11-23 13:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 13:37 - 2013-11-23 13:37 - 01034531 _____ (Thisisu) C:\Users\Stephan\Downloads\JRT.exe
2013-11-23 12:59 - 2013-11-23 12:56 - 00055890 _____ C:\Users\Stephan\Downloads\FRST.txt
2013-11-23 12:59 - 2013-11-23 12:56 - 00019826 _____ C:\Users\Stephan\Downloads\Addition.txt
2013-11-23 12:56 - 2013-11-23 12:56 - 00000000 ____D C:\FRST
2013-11-23 12:18 - 2013-11-23 12:13 - 00111720 _____ C:\Users\Stephan\Downloads\OTL.Txt
2013-11-23 12:18 - 2013-11-23 12:13 - 00061092 _____ C:\Users\Stephan\Downloads\Extras.Txt
2013-11-23 12:08 - 2013-11-23 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Stephan\Downloads\OTL.exe
2013-11-22 20:51 - 2013-11-22 20:51 - 00000370 _____ C:\DelFix.txt
2013-11-22 20:41 - 2013-11-22 20:40 - 00000000 ____D C:\AdwCleaner
2013-11-21 20:04 - 2013-10-29 15:22 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-21 20:04 - 2013-10-29 15:08 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-21 19:45 - 2013-10-28 11:14 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-19 19:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-18 18:06 - 2013-10-27 22:15 - 00000000 ____D C:\Users\Stephan\Documents\4A Games
2013-11-18 17:57 - 2013-09-27 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 20:11 - 2013-09-27 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 19:50 - 2013-10-12 12:07 - 00000000 ____D C:\Users\Stephan\Documents\My Games
2013-11-11 19:23 - 2013-10-29 15:08 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 19:58 - 2013-10-12 11:55 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-11-10 19:58 - 2013-09-28 16:20 - 00058408 _____ C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 19:21 - 2009-07-14 05:45 - 00276584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____D C:\Users\Stephan\Documents\Microsoft Hardware
2013-11-10 13:46 - 2013-11-10 13:46 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-11-10 13:46 - 2013-11-10 13:46 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-11-10 13:46 - 2013-11-10 13:45 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-11-10 13:44 - 2013-11-10 13:44 - 50249936 _____ (Microsoft Corporation) C:\Users\Stephan\Downloads\MouseKeyboardCenterx64_DEU_2.3.145.exe
2013-11-07 17:08 - 2013-11-07 17:08 - 00000000 ____D C:\Users\Stephan\Documents\BioWare
2013-11-07 15:44 - 2013-11-07 15:43 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2013-11-06 18:38 - 2013-10-27 22:40 - 00007605 _____ C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg
2013-11-06 18:21 - 2013-11-06 18:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-04 21:17 - 2013-11-04 21:17 - 00000221 _____ C:\Users\Stephan\Desktop\Mass Effect 2.url
2013-11-02 13:15 - 2013-09-27 17:31 - 00000000 ____D C:\ProgramData\Ralink
2013-11-01 22:03 - 2013-09-27 17:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-01 21:08 - 2013-10-27 22:09 - 00000000 ____D C:\Users\Stephan\AppData\Local\4A Games
2013-11-01 18:38 - 2013-09-27 17:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-01 14:01 - 2013-09-27 17:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-01 14:00 - 2013-11-01 14:00 - 05309784 _____ (NVIDIA Corporation) C:\Users\Stephan\Downloads\NVIDIA_3DTV_Play_Activation_Utility.exe
2013-11-01 12:29 - 2013-09-27 17:31 - 00008075 _____ C:\Windows\system32\RaCoInst.log
2013-10-31 22:03 - 2013-10-31 22:02 - 02449112 _____ C:\Users\Stephan\Downloads\light normal walls 50pct opacity.zip
2013-10-31 22:00 - 2013-10-31 22:00 - 00000000 ____D C:\Users\Stephan\Downloads\sv_consistency Safe - Normal Translucent Walls 90 opacity
2013-10-31 22:00 - 2013-10-31 21:45 - 00000000 ____D C:\Users\Stephan\Desktop\materials original
2013-10-31 20:43 - 2013-10-31 20:43 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2013-10-31 20:43 - 2013-10-31 20:43 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-10-31 20:39 - 2013-10-31 20:39 - 00868848 _____ C:\Windows\system32\Drivers\sptd.sys
2013-10-31 20:39 - 2013-10-31 20:39 - 00000000 ____D C:\Program Files (x86)\Franzis
2013-10-31 19:16 - 2013-10-28 11:15 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-10-31 18:24 - 2013-10-12 12:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-10-29 15:42 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Local\Ubisoft Game Launcher
2013-10-29 15:22 - 2013-10-29 15:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\PunkBuster
2013-10-29 15:21 - 2013-10-29 15:16 - 273827152 _____ (Ubisoft) C:\Users\Stephan\Downloads\farcry3_1.05.exe
2013-10-29 15:21 - 2013-10-29 15:16 - 231404576 _____ (Ubisoft) C:\Users\Stephan\Downloads\FarCry3_mp_dlc.exe
2013-10-29 15:08 - 2013-10-29 15:08 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-29 14:57 - 2013-10-29 02:56 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-29 14:57 - 2013-09-27 17:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro Last Light.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000221 _____ C:\Users\Stephan\Desktop\Metro 2033.url
2013-10-29 11:54 - 2013-10-29 11:54 - 00000219 _____ C:\Users\Stephan\Desktop\Counter-Strike Source.url
2013-10-29 11:46 - 2013-10-29 11:46 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 02:56 - 2013-10-29 02:56 - 00001201 _____ C:\Users\Stephan\Desktop\Uplay.lnk
2013-10-29 02:56 - 2013-10-29 02:56 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-29 02:55 - 2013-10-29 02:55 - 61557616 _____ (Ubisoft) C:\Users\Stephan\Downloads\UplayInstaller.exe
2013-10-29 02:46 - 2013-10-28 11:13 - 00000052 _____ C:\Users\Stephan\Desktop\Neues Textdokument.txt
2013-10-29 02:39 - 2013-10-29 02:39 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Stephan\Downloads\setup.exe
2013-10-29 02:17 - 2013-10-28 11:15 - 00000000 ____D C:\ProgramData\Origin
2013-10-29 02:17 - 2013-10-28 11:15 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-28 20:37 - 2013-10-28 20:37 - 00001038 _____ C:\Users\Public\Desktop\Crysis 3.lnk
2013-10-28 11:29 - 2013-10-28 11:28 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-28 11:28 - 2013-10-28 11:15 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-10-28 11:15 - 2013-10-28 11:15 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-10-28 11:14 - 2013-10-28 11:14 - 16957136 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-10-28 11:14 - 2013-10-28 11:14 - 00000032 _____ C:\Windows\setup.log
2013-10-28 11:14 - 2013-10-12 11:42 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-27 23:36 - 2013-10-20 11:01 - 00000000 ____D C:\Users\Stephan\AppData\Local\PMB Files
2013-10-27 22:42 - 2013-10-27 22:42 - 00000948 _____ C:\Users\Stephan\Desktop\Core Temp.lnk
2013-10-27 22:39 - 2013-10-27 22:39 - 00206065 _____ C:\Users\Stephan\Downloads\All_CPU47_Meter.zip
2013-10-27 22:03 - 2013-10-27 22:03 - 01984121 _____ C:\Users\Stephan\Downloads\cpu-z-167.zip
2013-10-27 22:03 - 2013-10-17 18:22 - 00000000 ____D C:\Users\Stephan\AppData\Local\Overwolf
2013-10-27 21:53 - 2013-10-27 21:53 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-27 19:57 - 2013-10-19 10:32 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\NVIDIA
2013-10-27 18:52 - 2013-10-27 18:40 - 314609573 _____ C:\Users\Stephan\Downloads\fear_update_de_100-107_108.zip
2013-10-27 18:37 - 2013-10-27 18:37 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-27 18:28 - 2013-10-27 18:28 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2013-10-27 18:25 - 2013-10-27 18:25 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-10-27 18:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-10-27 15:17 - 2013-10-27 15:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-27 15:14 - 2013-10-27 15:14 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Amazon
2013-10-27 15:13 - 2013-10-27 15:13 - 02328864 _____ C:\Users\Stephan\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\Documents\Amazon MP3
2013-10-27 15:13 - 2013-10-27 15:13 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-27 15:12 - 2013-10-20 11:01 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-27 15:08 - 2013-10-27 15:08 - 00000000 ____D C:\ProgramData\Overwolf
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 17:29
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by Stephan at 2013-11-24 11:10:57
Running from C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NOKXSV7
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Core Temp 1.0 RC6 (Version: 1.0)
Counter-Strike: Source (x32)
Crysis WARHEAD(R) (x32 Version: 1.0)
Crysis WARHEAD(R) (x32)
Crysis®3 (x32 Version: 1.0.0.0)
Extended Update (HKCU)
Far Cry 3 (x32 Version: 1.05)
FEAR (x32 Version: 1.00.0000)
Fraps (x32)
Google Update Helper (x32 Version: 1.3.23.0)
Hama Wireless LAN Adapter (x32 Version: 10.6.0)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect 2 (x32)
Metro 2033 (x32)
Metro: Last Light (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.145.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
Need for Speed: SHIFT (x32)
No More Room in Hell (x32)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Origin (x32 Version: 9.3.10.4710)
Pando Media Booster (x32 Version: 2.6.0.9)
PunkBuster Services (x32 Version: 0.993)
SHIELD Streaming (Version: 1.05.28)
Skype™ 6.9 (x32 Version: 6.9.106)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
The Elder Scrolls V: Skyrim (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Uplay (x32 Version: 4.0)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
==================== Restore Points =========================
15-11-2013 16:25:54 Windows Update
22-11-2013 19:59:08 Windows Update
23-11-2013 12:56:45 zoek.exe restore point
23-11-2013 14:11:04 DirectX wurde installiert
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {26C0C854-4A5C-472C-A385-D8E2C144078E} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {374393B2-1605-499F-9C1E-27E123B53737} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {517B9211-BDFE-499E-B9A5-398BCC8373F4} - \UpdaterEX No Task File
Task: {63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} - \EPUpdater No Task File
Task: {816AA33C-D0F7-471F-8CC7-9E3CCAA5F2BC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {8D96D5DE-0E85-4E5E-83F3-A1B948690467} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-09-04] (Microsoft)
Task: {8E3CEADA-C7B5-457B-B64E-00D5563A9560} - System32\Tasks\{1F137FD5-92D6-4E08-BBC6-F74C5196FEEB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {94F9B013-8FB9-49C5-88F9-D853FA2C0919} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {D0D3E68C-D25D-4FA7-81B6-8A4F74D632E4} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {D312B760-2B86-4E94-8113-5D77B4069FE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15] (Adobe Systems Incorporated)
Task: {FDD34B0E-DD5B-4023-A4B8-CF015F8F1A2A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-10-27 22:39 - 2013-10-27 22:39 - 00012520 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\CoreTempReader.dll
2013-10-27 22:39 - 2013-10-27 22:39 - 00015080 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\GetCoreTempInfoNET.dll
2013-10-27 22:39 - 2013-10-27 22:39 - 00014056 _____ () C:\Users\Stephan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.gadget\SystemInfo.dll
2013-09-27 17:55 - 2013-09-27 17:55 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 17:00 - 2013-01-16 17:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 17:00 - 2013-01-16 17:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 17:01 - 2013-01-16 17:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 20:04 - 2011-04-30 20:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2013-09-27 17:31 - 2010-06-14 13:38 - 00984416 _____ () C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
2013-09-27 17:38 - 2013-11-17 20:11 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:966F7784
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2013 03:34:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc541
Name des fehlerhaften Moduls: fraps64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x512c56bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000073a883d0
ID des fehlerhaften Prozesses: 0x6b0
Startzeit der fehlerhaften Anwendung: 0xDwm.exe0
Pfad der fehlerhaften Anwendung: Dwm.exe1
Pfad des fehlerhaften Moduls: Dwm.exe2
Berichtskennung: Dwm.exe3
System errors:
=============
Error: (11/23/2013 02:42:44 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/23/2013 02:01:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/23/2013 02:01:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/23/2013 02:01:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/23/2013 02:01:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/23/2013 02:01:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (11/23/2013 03:34:11 PM) (Source: Application Error)(User: )
Description: Dwm.exe6.1.7600.163854a5bc541fraps64.dll_unloaded0.0.0.0512c56bbc00000050000000073a883d06b001cee84c739a5771C:\Windows\system32\Dwm.exefraps64.dll514afa43-544c-11e3-8d70-99859127ecc0
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 8168.95 MB
Available physical RAM: 5803.22 MB
Total Pagefile: 16336.07 MB
Available Pagefile: 13773.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:596.07 GB) (Free:427.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: F4A7822C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 11:12 on 24/11/2013 by Stephan
Administrator - Elevation successful
========== filefind ==========
Searching for "*websparkle*"
No files found.
Searching for "*BonanzaDeals*"
C:\AdwCleaner\Quarantine\C\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log.vir --a---- 749732 bytes [16:38 27/09/2013] [11:43 29/10/2013] 083271E2E5E81C8C23901140612FA481
Searching for "*DSearchLink*"
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir --a---- 154112 bytes [16:38 27/09/2013] [11:53 27/08/2013] 30B9BD7CD6F7A4395A22B5D8907F302C
Searching for "*BabSolution*"
No files found.
Searching for "*file scout*"
No files found.
Searching for "*smart pc cleaner*"
No files found.
Searching for "*UpdaterEX*"
C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\UpdaterEX.vir --a---- 3250 bytes [16:38 27/09/2013] [16:38 27/09/2013] 4E31AC57D9F643ACB08A0C0504E31DDF
C:\AdwCleaner\Quarantine\C\Windows\Tasks\UpdaterEX.job.vir --a---- 300 bytes [16:38 27/09/2013] [19:38 22/11/2013] 49071790EC3F040FE7791F4185AC978B
Searching for "*bProtector*"
No files found.
========== folderfind ==========
Searching for "*websparkle*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WebSparkleuninst_bde7d69bdc2d3c91b42434e2f8461e6b63b6971_06907b28 d----c- [10:50 29/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WebSparkleuninst_bde7d69bdc2d3c91b42434e2f8461e6b63b6971_13088738 d----c- [10:50 29/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_WebSparkleuninst_bde7d69bdc2d3c91b42434e2f8461e6b63b6971_06907b28 d----c- [10:50 29/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_WebSparkleuninst_bde7d69bdc2d3c91b42434e2f8461e6b63b6971_13088738 d----c- [10:50 29/10/2013]
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\extensions\firefox@websparkle.biz d------ [21:42 27/10/2013]
Searching for "*BonanzaDeals*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals d------ [19:41 22/11/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\BonanzaDealsLive d------ [19:41 22/11/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_10ba4d485c115d6891b3910ccf3e0614ee79714_00785f5e d----c- [17:55 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_01243d8c d----c- [23:05 27/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_062ee09e d----c- [11:04 12/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_06571f90 d----c- [10:29 12/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_08faab5b d----c- [17:21 27/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0966c235 d----c- [18:51 15/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0bf67cbd d----c- [14:25 25/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0c2aad2f d----c- [20:48 22/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cb68d12 d----c- [13:42 10/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cd6e84b d----c- [21:05 27/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cda819d d----c- [14:10 27/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0de6bd65 d----c- [09:11 28/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0e9abf77 d----c- [16:04 22/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0f969491 d----c- [22:55 27/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0fc2aa04 d----c- [19:56 23/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_104eb0e7 d----c- [14:16 16/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_107a907b d----c- [17:45 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_10d2bd36 d----c- [09:29 20/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1182d1fd d----c- [08:10 19/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1196cdc9 d----c- [21:56 21/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1242d74b d----c- [10:39 29/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1292d6dd d----c- [19:26 13/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_129ea84f d----c- [16:12 25/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_133ab9fb d----c- [16:59 17/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_13b6aa13 d----c- [13:28 25/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_10ba4d485c115d6891b3910ccf3e0614ee79714_00785f5e d----c- [17:55 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_01243d8c d----c- [23:05 27/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_062ee09e d----c- [11:04 12/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_06571f90 d----c- [10:29 12/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_08faab5b d----c- [17:21 27/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0966c235 d----c- [18:51 15/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0bf67cbd d----c- [14:25 25/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0c2aad2f d----c- [20:48 22/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cb68d12 d----c- [13:42 10/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cd6e84b d----c- [21:05 27/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0cda819d d----c- [14:10 27/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0de6bd65 d----c- [09:11 28/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0e9abf77 d----c- [16:04 22/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0f969491 d----c- [22:55 27/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_0fc2aa04 d----c- [19:56 23/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_104eb0e7 d----c- [14:16 16/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_107a907b d----c- [17:45 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_10d2bd36 d----c- [09:29 20/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1182d1fd d----c- [08:10 19/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1196cdc9 d----c- [21:56 21/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1242d74b d----c- [10:39 29/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_1292d6dd d----c- [19:26 13/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_129ea84f d----c- [16:12 25/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_133ab9fb d----c- [16:59 17/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_BonanzaDealsLive_dc92879be4db55308ff3d2a22781317b904118_13b6aa13 d----c- [13:28 25/10/2013]
Searching for "*DSearchLink*"
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink d------ [19:41 22/11/2013]
Searching for "*BabSolution*"
C:\AdwCleaner\Quarantine\C\Users\Stephan\AppData\Roaming\BabSolution d------ [19:41 22/11/2013]
Searching for "*file scout*"
C:\AdwCleaner\Quarantine\C\Users\Stephan\AppData\Roaming\file scout d------ [19:41 22/11/2013]
Searching for "*smart pc cleaner*"
C:\AdwCleaner\Quarantine\C\Users\Stephan\Documents\smart pc cleaner d------ [19:41 22/11/2013]
Searching for "*UpdaterEX*"
C:\AdwCleaner\Quarantine\C\Users\Stephan\AppData\Roaming\UpdaterEX d------ [19:41 22/11/2013]
Searching for "*bProtector*"
No folders found.
========== regfind ==========
Searching for "websparkle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASMANCS]
Searching for "BonanzaDeals"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName"="BonanzaDealsLiveHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource"="n;1;C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1"="C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallSource"="C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher"="BonanzaDeals"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher"="BonanzaDeals"
Searching for "DSearchLink"
No data found.
Searching for "BabSolution"
No data found.
Searching for "file scout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout\command]
@=""C:\Users\Stephan\AppData\Roaming\File Scout\filescout.exe" /sc "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=""C:\Users\Stephan\AppData\Roaming\File Scout\filescout.exe" /open "%1""
Searching for "smart pc cleaner"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe"="RUNASADMIN ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe"="RUNASADMIN ELEVATECREATEPROCESS"
Searching for "UpdaterEX"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
"DisplayIcon"="C:\Users\Stephan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
"UninstallString"="C:\Users\Stephan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe /Uninstall"
[HKEY_CURRENT_USER\Software\UpdaterEX]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517B9211-BDFE-499E-B9A5-398BCC8373F4}]
"Path"="\UpdaterEX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX]
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
"DisplayIcon"="C:\Users\Stephan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe"
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
"UninstallString"="C:\Users\Stephan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe /Uninstall"
[HKEY_USERS\S-1-5-21-354402506-3592774248-4125264042-1000\Software\UpdaterEX]
Searching for "bProtector"
No data found.
-= EOF =-
|
|
24.11.2013, 12:23
| #10 |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Servus, Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
AppInit_DLLs: [ ] ()
FF Extension: WebSparkle - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\firefox@websparkle.biz
Task: {517B9211-BDFE-499E-B9A5-398BCC8373F4} - \UpdaterEX No Task File
Task: {63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} - \EPUpdater No Task File
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\UpdaterEX" /f
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
24.11.2013, 14:18
| #11 |
| | bProspector - wie richtig entfernen? Hallo, hier die Logs: FRST: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2013 03
Ran by Stephan at 2013-11-24 12:44:07 Run:1
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
AppInit_DLLs: [ ] ()
FF Extension: WebSparkle - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\firefox@websparkle.biz
Task: {517B9211-BDFE-499E-B9A5-398BCC8373F4} - \UpdaterEX No Task File
Task: {63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} - \EPUpdater No Task File
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\UpdaterEX" /f
end
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\Extensions\firefox@websparkle.biz => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517B9211-BDFE-499E-B9A5-398BCC8373F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517B9211-BDFE-499E-B9A5-398BCC8373F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63BB8884-D7D0-4AB9-9E86-BD64E3C86A3F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASAPI32" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSparkle_RASMANCS" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASAPI32" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSparkle_RASMANCS" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
========= reg delete "HKEY_CURRENT_USER\Software\UpdaterEX" /f =========
Der Vorgang wurde erfolgreich beendet.
========= End of Reg: =========
==== End of Fixlog ====
Code:
ATTFilter HitmanPro 3.7.8.208
www.hitmanpro.com
Computer name . . . . : STEPHANS-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Stephans-PC\Stephan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-11-24 12:46:20
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 0
Traces . . . . . . . : 31
Objects scanned . . . : 1.238.120
Files scanned . . . . : 23.853
Remnants scanned . . : 380.295 files / 833.972 keys
Miniport ____________________________________________________________________
Primary
DriverObject . . . : FFFFFA8007B61E70
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFFA80079FE2C0 +0
Solution
DriverObject . . . : FFFFFA8007B61E70
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF88000DC84D8 \SystemRoot\system32\drivers\ataport.SYS+29912
Suspicious files ____________________________________________________________
C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953.886 bytes
Age . . . . . . . : 25.9 days (2013-10-29 15:22:42)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbags.dll
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\htm\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\dll\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svlogs\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svss\
-0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbag.dll
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.db
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\scrnshot\
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
3.8s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns.dat
3.9s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
6.2s C:\Windows\SysWOW64\PnkBstrB.xtr
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
9.0s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log
12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953.886 bytes
Age . . . . . . . : 25.9 days (2013-10-29 15:22:41)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
-0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbags.dll
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\htm\
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\dll\
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svlogs\
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svss\
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbag.dll
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.db
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\scrnshot\
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
0.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
3.9s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns.dat
3.9s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
6.3s C:\Windows\SysWOW64\PnkBstrB.xtr
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
7.8s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
9.1s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log
12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138.032 bytes
Age . . . . . . . : 25.9 days (2013-10-29 15:22:54)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Forensic Cluster
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbags.dll
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\htm\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\dll\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svlogs\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\svss\
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
-12.2s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbag.dll
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbcl.db
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\scrnshot\
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
-12.1s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
-8.3s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns.dat
-8.3s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
-5.9s C:\Windows\SysWOW64\PnkBstrB.xtr
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-4.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_300E3B4CF5BE6AE01CD6E8C7B0100089
-3.1s C:\Windows\System32\LogFiles\PunkBuster\PnkBstrB.log
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
0.0s C:\Users\Stephan\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Potential Unwanted Programs _________________________________________________
HKU\.DEFAULT\Software\Delta\ (SpeedUpMyPC) -> Deleted
HKU\.DEFAULT\Software\Delta\delta\ (Delta Search)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ (Delta Search) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ (Claro) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ (Delta Search) -> Deleted
HKU\.DEFAULT\Software\Wajam\ (Claro) -> Deleted
HKU\S-1-5-18\Software\Delta\ (SpeedUpMyPC) -> PendingDelete
HKU\S-1-5-18\Software\Delta\delta\ (Delta Search)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ (Delta Search) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ (Claro) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ (Delta Search) -> PendingDelete
HKU\S-1-5-18\Software\Wajam\ (Claro) -> PendingDelete
HKU\S-1-5-21-354402506-3592774248-4125264042-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Cookies\2IFE1PUJ.txt
C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Cookies\stephan@doubleclick[1].txt
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:de.sitestat.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:doubleclick.net
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:eaeacom.112.2o7.net
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:paypal.112.2o7.net
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:stat.dealtime.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:statcounter.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:stats.computecmedia.de
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:stats.globalgameport.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:stats.paypal.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:track.blogcounter.de
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:uk.sitestat.com
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:www.etracker.de
C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\el4enbqt.default\cookies.sqlite:xiti.com
ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=75bef74446015744b38e25f79bc9c1f4
# engine=16006
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-24 12:55:12
# local_time=2013-11-24 01:55:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 13838 4996892 6614 0
# compatibility_mode=5893 16776574 100 94 4831831 136927562 0 0
# scanned=170650
# found=0
# cleaned=0
# scan_time=2540
Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0.1) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
25.11.2013, 16:09
| #12 |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Deine Version von Adobe Flash Player ist veraltet. Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
25.11.2013, 20:08
| #13 |
| | bProspector - wie richtig entfernen? Vielen Dank für die viele Mühe! Super Sache was ihr hier macht ;-) |
|
26.11.2013, 19:09
| #14 |
| /// TB-Ausbilder | bProspector - wie richtig entfernen? Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
