TR/Wysotot.Gen eingefangen

lyara · 11.12.2013, 22:29

Hallo,

ich hoffe, ich mach jetzt hier alles richtig, wenn nicht, weist mich bitte darauf hin, bin ganz neu, hab mich extra für mein kleines Problem angemeldet.
Also: Ich habe vorhin versucht mir die Virtualbox herunterzuladen, um mir eine virtuelle Maschine für XP zu erstellen. Wollte gerne noch was fürs Studium machen und der dafür benötigte Compiler läuft nur dadrauf.

Allerdings bin ich erst gar nicht bis zu dem Compiler gekommen.
Nachdem ich mir zuerst die normale Virtualbox heruntergeladen und danach wieder deinstalliert habe, weil ich die vmlite brauchte (ebenfalls heruntergeladen) habe ich dann eine Meldung von AntiVir bekommen, es wäre Malware gefunden worden.
Habe dann den Zugriff verweigert und es in die Quarantäne verschoben.
Darin sind jetzt fünf Dateien, 4 mal wie im Titel schon benannt "TR/Wysotot.Gen" und eine namens "ADWARE/Installcore.Gen".
Habe einen Screenshot in den Anhang gepackt (hoffentlich richtig?).

Ich habe dann im Internet schon mal geforstet, auch ein paar Sachen dazu gefunden, aber weiß jetzt nicht, was ich machen soll. Der Rechner (nebenbei bemerkt von meinem Freund) ist ziemlich neu und da noch nicht so viel drauf ist überlege ich, ob es das Sinnvollste wäre den PC einfach in den Auslieferungszustand zurück zu setzen oder ob es eine bessere Möglichkeit gibt.. Wenn ja, wie sähe diese aus?
Habe leider keine Ahnung von Viren und deren Behandlung.

Ich habe unten die Logs mit Funden für euch. Wie gesagt, es ist der PC von meinem Freund, benutze ihn selbst eigentlich nie... Was mit den Sachen von vorher ist, weiß ich also nicht.

Ich hoffe, mir kann schnell Jemand helfen.

Liebe Grüße
Sarah

Exportierte Ereignisse:

11.12.2013 21:43 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d2b6cca.qua'
verschoben!

11.12.2013 21:43 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Kian\AppData\Local\Temp\fullpackage_temp1384530672\tmp\eGdpSvc.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45a14306.qua'
verschoben!

11.12.2013 21:18 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.

11.12.2013 21:14 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

06.12.2013 18:12 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

02.12.2013 23:14 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

02.12.2013 21:48 [Updater] Update nicht ausgeführt
Das Update von Computer KIAN-PC (127.0.0.1) von
"hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.

15.11.2013 19:41 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner

15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

cosinus · 11.12.2013, 23:18

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

lyara · 11.12.2013, 23:29

Danke erstmal für die schnelle Antwort!

Also, andere Logs habe ich nicht, ist auch kein Malwarebytes o.ä. installiert.

Das mit dem FRST hab ich jetzt mal gemacht und das kam dabei raus:

FRST.txt Inhalt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by Kian (administrator) on KIAN-PC on 11-12-2013 23:24:22
Running from C:\Users\Kian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(iMesh Inc) C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe
(iMesh Inc) C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
FF Extension: BonanzaDeals - C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}

Chrome: 
=======
CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (BonanzaDeals) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR Extension: (Lightning Newtab) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0
CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 23:24 - 2013-12-11 23:24 - 00015730 _____ C:\Users\Kian\Downloads\FRST.txt
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:23 - 2013-12-11 23:23 - 01926944 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe
2013-12-11 23:22 - 2013-12-11 23:22 - 00001185 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Local\iMesh
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 21:34 - 2013-12-11 21:35 - 68253288 _____ (VMLite, Inc.) C:\Users\Kian\Downloads\VMLiteWorkstationSetup.exe
2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-11-15 17:51 - 2013-12-11 21:50 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG
2013-11-15 17:51 - 2013-12-11 21:50 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT
2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer
2013-11-15 16:53 - 2013-11-15 16:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-15 16:52 - 2013-10-12 03:31 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 16:52 - 2013-10-12 03:31 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 16:52 - 2013-10-12 03:31 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 16:52 - 2013-10-12 03:30 - 09071104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 16:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 16:52 - 2013-10-12 03:30 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 16:52 - 2013-10-12 03:30 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 16:52 - 2013-10-12 03:29 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 16:52 - 2013-10-12 03:29 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 16:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 16:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 16:52 - 2013-10-12 03:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 16:52 - 2013-10-12 03:29 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 16:52 - 2013-10-12 03:04 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 16:52 - 2013-10-12 03:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 16:52 - 2013-10-12 03:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 16:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 16:52 - 2013-10-12 03:02 - 06038528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 16:52 - 2013-10-12 03:02 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 16:52 - 2013-10-12 03:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 16:52 - 2013-10-12 03:01 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 16:52 - 2013-10-12 03:01 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 16:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 16:52 - 2013-10-12 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 16:52 - 2013-10-12 03:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 16:52 - 2013-10-12 02:32 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 16:52 - 2013-10-12 02:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 16:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 16:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 16:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 16:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 16:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 16:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 16:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 16:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 16:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-15 16:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 16:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 16:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 16:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 16:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 16:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 16:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 16:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 16:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 16:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 16:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 16:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 16:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 16:52 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-15 16:52 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-15 16:52 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-15 16:52 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-15 16:52 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-15 16:52 - 2013-08-27 10:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-15 16:52 - 2013-08-27 10:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-15 16:52 - 2013-08-27 09:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-15 16:52 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-15 16:52 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-15 16:52 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-15 16:52 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-15 16:52 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-15 16:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 16:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-15 16:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-15 16:52 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-15 16:52 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-15 16:52 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-15 16:52 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-15 16:52 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-15 16:52 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-15 16:52 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-15 16:52 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-15 16:52 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-15 16:52 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-15 16:52 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-15 16:52 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-15 16:52 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-15 16:52 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-15 16:52 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-15 16:51 - 2013-12-11 22:56 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-11-15 16:51 - 2013-12-11 22:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-11-15 16:51 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\eSafe
2013-11-15 16:51 - 2013-12-11 20:44 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-15 16:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 16:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 16:51 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-15 16:51 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-15 16:51 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-15 16:51 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-15 16:51 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-15 16:51 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-15 16:51 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-15 16:51 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-15 16:51 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-15 16:51 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-15 16:51 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-15 16:51 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-15 16:51 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-15 16:51 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-15 16:51 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-15 16:51 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-15 16:51 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe
2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-12-11 23:24 - 2013-12-11 23:24 - 00015730 _____ C:\Users\Kian\Downloads\FRST.txt
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:23 - 2013-12-11 23:23 - 01926944 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe
2013-12-11 23:22 - 2013-12-11 23:22 - 00001185 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Local\iMesh
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-11 23:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 22:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 22:56 - 2013-11-15 16:51 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-12-11 22:51 - 2013-11-15 16:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-11 22:04 - 2013-08-15 20:40 - 01586675 _____ C:\Windows\WindowsUpdate.log
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 21:50 - 2013-11-15 17:51 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG
2013-12-11 21:50 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT
2013-12-11 21:35 - 2013-12-11 21:34 - 68253288 _____ (VMLite, Inc.) C:\Users\Kian\Downloads\VMLiteWorkstationSetup.exe
2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian
2013-12-11 21:18 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\eSafe
2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:58 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-11 20:52 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:52 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-11 20:49 - 2009-07-14 05:51 - 02367344 _____ C:\Windows\setupact.log
2013-12-11 20:48 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-12-11 20:48 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-12-11 20:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 20:44 - 2013-11-15 16:51 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log
2013-12-11 20:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log
2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-06 17:56 - 2013-08-15 22:30 - 00002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-02 21:48 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-11-15 20:12 - 2013-09-26 14:37 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-15 20:10 - 2013-08-22 17:58 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 16:56 - 2013-11-15 16:53 - 00000000 ____D C:\ProgramData\Adobe
2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer
2013-11-15 16:55 - 2013-07-10 12:02 - 00000000 ____D C:\Users\Kian\AppData\Local\Adobe
2013-11-15 16:55 - 2013-06-08 11:45 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Adobe
2013-11-15 16:54 - 2013-09-22 15:21 - 00000000 ____D C:\Users\Kian\Desktop\Schutz
2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-15 16:51 - 2013-08-15 22:19 - 00001632 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-15 16:51 - 2013-08-15 22:19 - 00001610 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe
2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan

Some content of TEMP:
====================
C:\Users\Kian\AppData\Local\Temp\avgnt.exe
C:\Users\Kian\AppData\Local\Temp\Gw2.exe
C:\Users\Kian\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 23:14

==================== End Of Log ============================

--- --- ---

Addition.txt Inhalt:

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 16285.32 MB
Available physical RAM: 12753.17 MB
Total Pagefile: 32568.81 MB
Available Pagefile: 28505.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 11.12.2013, 23:35

Das additions.txt Log ist leider unvollständig

lyara · 11.12.2013, 23:41

Also, hier nochmal, ich glaube aber, dass sie nicht anders ist, oder?
Hab alles raus kopiert, mehr ist nicht da... :/

EDIT: Okay, sieht doch anders aus, ich hoffe jetzt stimmts? Komisch, hab eben alles genau so gemacht...

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 16285.32 MB
Available physical RAM: 12753.17 MB
Total Pagefile: 32568.81 MB
Available Pagefile: 28505.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 16285.32 MB
Available physical RAM: 12897.18 MB
Total Pagefile: 32568.81 MB
Available Pagefile: 28637.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 11.12.2013, 23:51

Hm..ich glaub FRST hat gerade nen Fehler...lad FRST morgen nochmal neu runter und erstell die Logs mit der neuen FRST-Version nochmal. Haken setzen bei additions.txt nicht vergessen.

lyara · 12.12.2013, 22:16

Der Haken war gesetzt... Hab es auch grade nochmal probiert, kam wieder das gleiche raus. Dann probier ich es morgen noch mal.

Also, habe es heute nochmal probiert

Hier das Ergebnis:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013 02
Ran by Kian (administrator) on KIAN-PC on 12-12-2013 22:14:26
Running from C:\Users\Kian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: BonanzaDeals - C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}

Chrome: 
=======
CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4
CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (BonanzaDeals) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR Extension: (Lightning Newtab) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0
CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 22:14 - 2013-12-12 22:14 - 00015164 _____ C:\Users\Kian\Downloads\FRST.txt
2013-12-12 22:12 - 2013-12-12 22:12 - 01927290 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe
2013-12-12 00:00 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 00:00 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 00:00 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 00:00 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-12-11 20:49 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 20:49 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 09073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 06039552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:49 - 2013-11-02 02:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:49 - 2013-11-02 02:13 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:49 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 20:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 20:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 20:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 20:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 20:49 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 20:49 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 20:49 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 20:49 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 20:49 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 20:49 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 20:49 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 20:49 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 20:49 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 20:49 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-11-15 17:51 - 2013-12-11 21:50 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG
2013-11-15 17:51 - 2013-12-11 21:50 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT
2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer
2013-11-15 16:53 - 2013-11-15 16:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-15 16:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 16:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 16:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 16:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 16:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 16:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 16:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 16:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 16:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 16:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 16:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 16:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 16:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 16:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-15 16:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 16:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 16:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 16:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 16:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 16:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 16:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 16:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 16:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 16:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 16:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 16:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 16:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 16:52 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-15 16:52 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-15 16:52 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-15 16:52 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-15 16:52 - 2013-08-27 10:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-15 16:52 - 2013-08-27 10:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-15 16:52 - 2013-08-27 09:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-15 16:52 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-15 16:52 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-15 16:52 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-15 16:52 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-15 16:52 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-15 16:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-15 16:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-15 16:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-15 16:52 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-15 16:52 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-15 16:52 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-15 16:52 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-15 16:52 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-15 16:52 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-15 16:52 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-15 16:52 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-15 16:52 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-15 16:52 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-15 16:52 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-15 16:52 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-15 16:52 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-15 16:52 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-15 16:52 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-15 16:51 - 2013-12-12 22:04 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-15 16:51 - 2013-12-11 23:56 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-11-15 16:51 - 2013-12-11 23:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-11-15 16:51 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\eSafe
2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-15 16:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 16:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 16:51 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-15 16:51 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-15 16:51 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-15 16:51 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-15 16:51 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-15 16:51 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-15 16:51 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-15 16:51 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-15 16:51 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-15 16:51 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-15 16:51 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-15 16:51 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-15 16:51 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-15 16:51 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-15 16:51 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-15 16:51 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-15 16:51 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe
2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-12-12 22:14 - 2013-12-12 22:14 - 00015164 _____ C:\Users\Kian\Downloads\FRST.txt
2013-12-12 22:12 - 2013-12-12 22:12 - 01927290 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe
2013-12-12 22:09 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 22:09 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 22:08 - 2013-08-15 20:40 - 01910608 _____ C:\Windows\WindowsUpdate.log
2013-12-12 22:08 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-12-12 22:08 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-12-12 22:08 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 22:06 - 2009-07-14 05:51 - 02437187 _____ C:\Windows\setupact.log
2013-12-12 22:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 22:04 - 2013-11-15 16:51 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-12-12 22:04 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 22:04 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 22:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 22:04 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 23:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 23:56 - 2013-11-15 16:51 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-12-11 23:51 - 2013-11-15 16:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 21:50 - 2013-11-15 17:51 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG
2013-12-11 21:50 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT
2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian
2013-12-11 21:18 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\eSafe
2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log
2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log
2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-06 17:56 - 2013-08-15 22:30 - 00002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-11-15 20:12 - 2013-09-26 14:37 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-15 20:10 - 2013-08-22 17:58 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 16:56 - 2013-11-15 16:53 - 00000000 ____D C:\ProgramData\Adobe
2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer
2013-11-15 16:55 - 2013-07-10 12:02 - 00000000 ____D C:\Users\Kian\AppData\Local\Adobe
2013-11-15 16:55 - 2013-06-08 11:45 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Adobe
2013-11-15 16:54 - 2013-09-22 15:21 - 00000000 ____D C:\Users\Kian\Desktop\Schutz
2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-15 16:51 - 2013-08-15 22:19 - 00001632 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-15 16:51 - 2013-08-15 22:19 - 00001610 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe
2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-12 03:23 - 2013-12-11 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-12 03:07 - 2013-12-11 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

Some content of TEMP:
====================
C:\Users\Kian\AppData\Local\Temp\avgnt.exe
C:\Users\Kian\AppData\Local\Temp\Gw2.exe
C:\Users\Kian\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 23:14

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-12-2013 02
Ran by Kian at 2013-12-12 22:14:49
Running from C:\Users\Kian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

aartemis Browser Protecter (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.2.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Battlefield 3™ (x32 Version: 1.0.0.0)
Battlefield 4™ (x32 Version: 1.0.0.1)
Battlelog Web Plugins (x32 Version: 2.3.2)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
D3DX10 (x32 Version: 15.4.2368.0902)
Drakensang - Am Fluss der Zeit (x32)
ESN Sonar (x32 Version: 0.70.4)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galería de fotos (x32 Version: 16.4.3503.0728)
Galeria fotografii (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Guild Wars 2 (x32)
Junk Mail filter update (x32 Version: 16.4.3503.0728)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4454.1510)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
NVIDIA PhysX (x32 Version: 9.10.0513)
Origin (x32 Version: 8.5.0.4518)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Poczta usługi Windows Live (x32 Version: 16.4.3503.0728)
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728)
PunkBuster Services (x32 Version: 0.993)
Raccolta foto (x32 Version: 16.4.3503.0728)
Razer Synapse 2.0 (x32 Version: 1.13.1)
Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Two Worlds II (x32 Version: 1.3.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for PDF Reader (HKCU)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live Family Safety (x32 Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Mail (x32 Version: 16.4.3503.0728)
Windows Live Messenger (x32 Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Windows Live Writer (x32 Version: 16.4.3503.0728)
Windows Live Writer Resources (x32 Version: 16.4.3503.0728)
Wsys Control 15.2.1.2652 (x32 Version: 15.2.1.2652) <==== ATTENTION

==================== Restore Points  =========================

06-12-2013 16:50:53 Windows Update
06-12-2013 18:49:05 DirectX wurde installiert
06-12-2013 18:49:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
06-12-2013 18:49:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
06-12-2013 19:59:02 Windows Update
11-12-2013 19:54:34 Windows-Sicherung
11-12-2013 19:57:22 Installed Oracle VM VirtualBox 4.3.4
11-12-2013 20:15:13 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
11-12-2013 20:15:24 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
11-12-2013 20:15:44 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
11-12-2013 20:16:27 Removed Oracle VM VirtualBox 4.3.4
11-12-2013 20:39:21 Installed VMLite Workstation
11-12-2013 22:59:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {78D933BF-1EA0-404F-B143-CA40DFB442C9} - System32\Tasks\DigitalSite => C:\Users\Kian\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {8334ED72-F9DF-4506-96A4-0AA454D74025} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-15] (BonanzaDeals) <==== ATTENTION
Task: {95A5714F-11EC-4D0C-91E2-A5775FBAA34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {A71306E9-AB61-4332-97D9-E4A7000017CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {B98C1B95-AA69-45D4-8AC0-51E05383A294} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {D0E47C5E-949E-4DA4-A85F-CB91BFCEA8C7} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-15] (BonanzaDeals) <==== ATTENTION
Task: {F2B1FED7-170F-4580-A842-C372CD0294F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Kian\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-22 17:32 - 2013-07-18 07:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2013 10:06:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:04:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0xad4
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (12/11/2013 08:46:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 08:44:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (12/11/2013 08:44:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x508
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3

Error: (12/06/2013 06:47:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2013 05:49:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2013 05:45:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (12/02/2013 10:05:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:49:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/12/2013 10:03:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (12/11/2013 09:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/11/2013 09:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/11/2013 09:56:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/11/2013 09:56:21 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/11/2013 09:18:55 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/06/2013 08:59:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (12/06/2013 08:56:33 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/06/2013 08:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/06/2013 08:56:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (12/12/2013 10:06:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:04:36 PM) (Source: Application Error)(User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19ad401cef77dc21a7125C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe00fed049-6371-11e3-9811-60a44c6116a9

Error: (12/11/2013 08:46:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 08:44:44 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487df001cef6a96d555e9eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeaed901ce-629c-11e3-a3e1-60a44c6116a9

Error: (12/11/2013 08:44:43 PM) (Source: Application Error)(User: )
Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea1950801cef6a96709db12C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exeadbb5cae-629c-11e3-a3e1-60a44c6116a9

Error: (12/06/2013 06:47:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2013 05:49:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2013 05:45:07 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e1401cef2a2820240ceC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec2eb2a8d-5e95-11e3-8bac-60a44c6116a9

Error: (12/02/2013 10:05:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:49:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-12-11 20:44:30.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:55:04.047
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:46:35.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:10:58.444
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 19:50:21.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 18:57:24.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 20:07:36.783
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:41:48.160
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:22:57.608
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:03:05.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 16285.32 MB
Available physical RAM: 13701.6 MB
Total Pagefile: 32568.81 MB
Available Pagefile: 29544.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:4.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 13.12.2013, 14:56

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

lyara · 16.12.2013, 21:52

Werde ich heute sobald ich zuhause bin machen, war das ganze Wochenende arbeiten, daher erst jetzt eine Antwort von mir

Hallo

Also, ich habe grade alles durchgeführt wie beschrieben, aber als der Scan fertig war, wurde mir angezeigt es sei keine Malware vorhanden!
Ist das jetzt gut oder schlecht?

cosinus · 16.12.2013, 22:20

Bitte das Log posten

lyara · 16.12.2013, 22:28

Oh Entschuldigung, ich dachte das würde nicht viel nutzen, wenn nichts gefunden wurde

Also hier das Log:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kian :: KIAN-PC [administrator]

16.12.2013 21:45:58
mbar-log-2013-12-16 (21-45-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 218621
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 16.12.2013, 23:28

So ein Log enthält nun mal ein paar mehr Infos als nur Fund oder kein Fund zB sieht man ob du aktuelle Signaturen hattest oder nicht.

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lyara · 16.12.2013, 23:45

AdwCleaner Log:

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 16/12/2013 um 23:32:33
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kian - KIAN-PC
# Gestartet von : C:\Users\Kian\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
[!] Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Kian\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\aartemis
Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Ordner Gelöscht : C:\Users\Kian\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Datei Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15503 octets] - [16/12/2013 23:31:57]
AdwCleaner[S0].txt - [13265 octets] - [16/12/2013 23:32:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13326 octets] ##########

JRT Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kian on 16.12.2013 at 23:37:48,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kian\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.12.2013 at 23:41:42,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by Kian (administrator) on KIAN-PC on 16-12-2013 23:44:26
Running from C:\Users\Kian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 23:43 - 2013-12-16 23:44 - 00010566 _____ C:\Users\Kian\Desktop\FRST.txt
2013-12-16 23:43 - 2013-12-16 23:43 - 01927940 _____ (Farbar) C:\Users\Kian\Desktop\FRST64.exe
2013-12-16 23:41 - 2013-12-16 23:41 - 00001077 _____ C:\Users\Kian\Desktop\JRT.txt
2013-12-16 23:37 - 2013-12-16 23:37 - 01034531 _____ (Thisisu) C:\Users\Kian\Desktop\JRT.exe
2013-12-16 23:37 - 2013-12-16 23:37 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 23:31 - 2013-12-16 23:32 - 00000000 ____D C:\AdwCleaner
2013-12-16 23:31 - 2013-12-16 23:31 - 01226750 _____ C:\Users\Kian\Desktop\adwcleaner.exe
2013-12-16 21:45 - 2013-12-16 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-16 21:45 - 2013-12-16 22:08 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 21:43 - 2013-12-16 22:26 - 00000000 ____D C:\Users\Kian\Desktop\mbar
2013-12-16 21:43 - 2013-12-16 22:08 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-16 21:42 - 2013-12-16 21:42 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Kian\Desktop\mbar-1.07.0.1008.exe
2013-12-12 00:00 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 00:00 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 00:00 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 00:00 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-12-11 20:49 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 20:49 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:49 - 2013-11-02 03:28 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 09073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 20:49 - 2013-11-02 03:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:49 - 2013-11-02 03:25 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:49 - 2013-11-02 03:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 06039552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-11 20:49 - 2013-11-02 03:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:49 - 2013-11-02 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:49 - 2013-11-02 02:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:49 - 2013-11-02 02:13 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:49 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 20:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 20:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 20:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 20:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 20:49 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 20:49 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 20:49 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 20:49 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 20:49 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 20:49 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 20:49 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 20:49 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 20:49 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 20:49 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys

==================== One Month Modified Files and Folders =======

2013-12-16 23:44 - 2013-12-16 23:43 - 00010566 _____ C:\Users\Kian\Desktop\FRST.txt
2013-12-16 23:43 - 2013-12-16 23:43 - 01927940 _____ (Farbar) C:\Users\Kian\Desktop\FRST64.exe
2013-12-16 23:41 - 2013-12-16 23:41 - 00001077 _____ C:\Users\Kian\Desktop\JRT.txt
2013-12-16 23:41 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 23:41 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 23:38 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-12-16 23:38 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-12-16 23:38 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 23:37 - 2013-12-16 23:37 - 01034531 _____ (Thisisu) C:\Users\Kian\Desktop\JRT.exe
2013-12-16 23:37 - 2013-12-16 23:37 - 00000000 ____D C:\Windows\ERUNT
2013-12-16 23:37 - 2013-08-15 20:40 - 01981136 _____ C:\Windows\WindowsUpdate.log
2013-12-16 23:33 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 23:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 23:33 - 2009-07-14 05:51 - 02481511 _____ C:\Windows\setupact.log
2013-12-16 23:32 - 2013-12-16 23:31 - 00000000 ____D C:\AdwCleaner
2013-12-16 23:32 - 2013-08-15 22:30 - 00001287 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-16 23:32 - 2013-08-15 22:19 - 00001173 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-16 23:32 - 2013-08-15 22:19 - 00000990 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-16 23:31 - 2013-12-16 23:31 - 01226750 _____ C:\Users\Kian\Desktop\adwcleaner.exe
2013-12-16 23:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 22:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 22:51 - 2013-11-15 17:51 - 00000090 _____ C:\Users\Kian\AppData\Roaming\WB.CFG
2013-12-16 22:51 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT
2013-12-16 22:26 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-16 22:26 - 2013-12-16 21:43 - 00000000 ____D C:\Users\Kian\Desktop\mbar
2013-12-16 22:08 - 2013-12-16 21:45 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-16 22:08 - 2013-12-16 21:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-16 21:42 - 2013-12-16 21:42 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Kian\Desktop\mbar-1.07.0.1008.exe
2013-12-12 22:04 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 22:04 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet
2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1
2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt
2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian
2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log
2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log
2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe
2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log
2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys

Some content of TEMP:
====================
C:\Users\Kian\AppData\Local\Temp\avgnt.exe
C:\Users\Kian\AppData\Local\Temp\Gw2.exe
C:\Users\Kian\AppData\Local\Temp\Quarantine.exe
C:\Users\Kian\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 23:14

==================== End Of Log ============================

--- --- ---

Addition Log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02
Ran by Kian at 2013-12-16 23:44:42
Running from C:\Users\Kian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.2.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Battlefield 3™ (x32 Version: 1.0.0.0)
Battlefield 4™ (x32 Version: 1.0.0.1)
Battlelog Web Plugins (x32 Version: 2.3.2)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
D3DX10 (x32 Version: 15.4.2368.0902)
Drakensang - Am Fluss der Zeit (x32)
ESN Sonar (x32 Version: 0.70.4)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galería de fotos (x32 Version: 16.4.3503.0728)
Galeria fotografii (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
Guild Wars 2 (x32)
Junk Mail filter update (x32 Version: 16.4.3503.0728)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4454.1510)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
NVIDIA PhysX (x32 Version: 9.10.0513)
Origin (x32 Version: 8.5.0.4518)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Poczta usługi Windows Live (x32 Version: 16.4.3503.0728)
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728)
PunkBuster Services (x32 Version: 0.993)
Raccolta foto (x32 Version: 16.4.3503.0728)
Razer Synapse 2.0 (x32 Version: 1.13.1)
Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Two Worlds II (x32 Version: 1.3.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for PDF Reader (HKCU) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live Family Safety (x32 Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Mail (x32 Version: 16.4.3503.0728)
Windows Live Messenger (x32 Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Windows Live Writer (x32 Version: 16.4.3503.0728)
Windows Live Writer Resources (x32 Version: 16.4.3503.0728)

==================== Restore Points  =========================

06-12-2013 16:50:53 Windows Update
06-12-2013 18:49:05 DirectX wurde installiert
06-12-2013 18:49:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
06-12-2013 18:49:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
06-12-2013 19:59:02 Windows Update
11-12-2013 19:54:34 Windows-Sicherung
11-12-2013 19:57:22 Installed Oracle VM VirtualBox 4.3.4
11-12-2013 20:15:13 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
11-12-2013 20:15:24 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
11-12-2013 20:15:44 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
11-12-2013 20:16:27 Removed Oracle VM VirtualBox 4.3.4
11-12-2013 20:39:21 Installed VMLite Workstation
11-12-2013 22:59:46 Windows Update
16-12-2013 20:41:49 Windows Update
16-12-2013 20:48:18 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {714DC00A-9AEE-4DA0-9F53-2E41FAC3CF3F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {78D933BF-1EA0-404F-B143-CA40DFB442C9} - \DigitalSite No Task File
Task: {81C6C442-BB3A-4D82-A29B-733AC6A85AF7} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {8334ED72-F9DF-4506-96A4-0AA454D74025} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {95A5714F-11EC-4D0C-91E2-A5775FBAA34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {A71306E9-AB61-4332-97D9-E4A7000017CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {B98C1B95-AA69-45D4-8AC0-51E05383A294} - \BonanzaDealsUpdate No Task File
Task: {D0E47C5E-949E-4DA4-A85F-CB91BFCEA8C7} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {F2B1FED7-170F-4580-A842-C372CD0294F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-22 17:32 - 2013-07-18 07:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 17:56 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 17:56 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-11 20:44:30.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:55:04.047
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:46:35.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 20:10:58.444
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 19:50:21.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-06 18:57:24.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 20:07:36.783
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:41:48.160
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:22:57.608
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-15 19:03:05.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 16285.32 MB
Available physical RAM: 13863.59 MB
Total Pagefile: 32568.81 MB
Available Pagefile: 29793.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:3.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:741.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 17.12.2013, 00:01

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

lyara · 17.12.2013, 00:38

Hier schonmal der Report vom Quick Scan

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kian :: KIAN-PC [Administrator]

17.12.2013 00:10:02
mbam-log-2013-12-17 (00-10-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205016
Laufzeit: 1 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-21-3182670764-3704417578-619566864-1001\$RB8SJL3.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-3182670764-3704417578-619566864-1001\$RKVADPI.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kian\AppData\Local\Temp\is1590112554\273305_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kian\AppData\Local\Temp\is1590112554\273363_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kian\Downloads\PDFReaderSetup.exe (PUP.Optional.JumpyApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hab alles gemacht wie in der verlinkten Anleitung..

Das mit dem ESET Online Scanner mache ich gleich auch noch.

Das mit dem ESET muss ich morgen machen, dauert ja doch recht lange

11.12.2013, 23:35	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Wysotot.Gen eingefangen Das additions.txt Log ist leider unvollständig __________________ Logfiles bitte immer in CODE-Tags posten

11.12.2013, 23:51	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Wysotot.Gen eingefangen Hm..ich glaub FRST hat gerade nen Fehler...lad FRST morgen nochmal neu runter und erstell die Logs mit der neuen FRST-Version nochmal. Haken setzen bei additions.txt nicht vergessen. __________________ --> TR/Wysotot.Gen eingefangen

16.12.2013, 22:20	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Wysotot.Gen eingefangen Bitte das Log posten __________________ Logfiles bitte immer in CODE-Tags posten

TR/Wysotot.Gen eingefangen

Plagegeister aller Art und deren Bekämpfung: TR/Wysotot.Gen eingefangen