|
Plagegeister aller Art und deren Bekämpfung: TR/Wysotot.Gen eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.12.2013, 22:29 | #1 |
| TR/Wysotot.Gen eingefangen Hallo, ich hoffe, ich mach jetzt hier alles richtig, wenn nicht, weist mich bitte darauf hin, bin ganz neu, hab mich extra für mein kleines Problem angemeldet. Also: Ich habe vorhin versucht mir die Virtualbox herunterzuladen, um mir eine virtuelle Maschine für XP zu erstellen. Wollte gerne noch was fürs Studium machen und der dafür benötigte Compiler läuft nur dadrauf. Allerdings bin ich erst gar nicht bis zu dem Compiler gekommen. Nachdem ich mir zuerst die normale Virtualbox heruntergeladen und danach wieder deinstalliert habe, weil ich die vmlite brauchte (ebenfalls heruntergeladen) habe ich dann eine Meldung von AntiVir bekommen, es wäre Malware gefunden worden. Habe dann den Zugriff verweigert und es in die Quarantäne verschoben. Darin sind jetzt fünf Dateien, 4 mal wie im Titel schon benannt "TR/Wysotot.Gen" und eine namens "ADWARE/Installcore.Gen". Habe einen Screenshot in den Anhang gepackt (hoffentlich richtig?). Ich habe dann im Internet schon mal geforstet, auch ein paar Sachen dazu gefunden, aber weiß jetzt nicht, was ich machen soll. Der Rechner (nebenbei bemerkt von meinem Freund) ist ziemlich neu und da noch nicht so viel drauf ist überlege ich, ob es das Sinnvollste wäre den PC einfach in den Auslieferungszustand zurück zu setzen oder ob es eine bessere Möglichkeit gibt.. Wenn ja, wie sähe diese aus? Habe leider keine Ahnung von Viren und deren Behandlung. Ich habe unten die Logs mit Funden für euch. Wie gesagt, es ist der PC von meinem Freund, benutze ihn selbst eigentlich nie... Was mit den Sachen von vorher ist, weiß ich also nicht. Ich hoffe, mir kann schnell Jemand helfen. Liebe Grüße Sarah Exportierte Ereignisse: 11.12.2013 21:43 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d2b6cca.qua' verschoben! 11.12.2013 21:43 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Kian\AppData\Local\Temp\fullpackage_temp1384530672\tmp\eGdpSvc.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45a14306.qua' verschoben! 11.12.2013 21:18 [System-Scanner] Malware gefunden Die Datei 'C:\ProgramData\eSafe\eGdpSvc.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei konnte nicht gelöscht werden! Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc\ImagePath> wurde erfolgreich repariert. Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WsysSvc\ImagePath> wurde erfolgreich repariert. Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc\ImagePath> wurde erfolgreich repariert. 11.12.2013 21:14 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\ProgramData\eSafe\eGdpSvc.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 06.12.2013 18:12 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 02.12.2013 23:14 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 02.12.2013 21:48 [Updater] Update nicht ausgeführt Das Update von Computer KIAN-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 15.11.2013 19:41 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner 15.11.2013 16:51 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Kian\AppData\Local\Temp\is1590112554\273451_stp\uninstaller.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern |
11.12.2013, 23:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
11.12.2013, 23:29 | #3 |
| TR/Wysotot.Gen eingefangen Danke erstmal für die schnelle Antwort!
__________________Also, andere Logs habe ich nicht, ist auch kein Malwarebytes o.ä. installiert. Das mit dem FRST hab ich jetzt mal gemacht und das kam dabei raus: FRST.txt Inhalt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013 Ran by Kian (administrator) on KIAN-PC on 11-12-2013 23:24:22 Running from C:\Users\Kian\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\avrestart.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (iMesh Inc) C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe (iMesh Inc) C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh) FF Extension: BonanzaDeals - C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} Chrome: ======= CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4" CHR DefaultSearchKeyword: google.de CHR DefaultSearchProvider: Google CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Extended Protection) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0 CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (BonanzaDeals) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 CHR Extension: (Lightning Newtab) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0 CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-11 23:24 - 2013-12-11 23:24 - 00015730 _____ C:\Users\Kian\Downloads\FRST.txt 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:23 - 2013-12-11 23:23 - 01926944 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe 2013-12-11 23:22 - 2013-12-11 23:22 - 00001185 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Local\iMesh 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Program Files (x86)\iMesh Applications 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 21:34 - 2013-12-11 21:35 - 68253288 _____ (VMLite, Inc.) C:\Users\Kian\Downloads\VMLiteWorkstationSetup.exe 2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2013-11-15 17:51 - 2013-12-11 21:50 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG 2013-11-15 17:51 - 2013-12-11 21:50 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT 2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer 2013-11-15 16:53 - 2013-11-15 16:56 - 00000000 ____D C:\ProgramData\Adobe 2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-15 16:52 - 2013-10-12 03:31 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-15 16:52 - 2013-10-12 03:31 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-15 16:52 - 2013-10-12 03:31 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-15 16:52 - 2013-10-12 03:30 - 09071104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-15 16:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-15 16:52 - 2013-10-12 03:30 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-15 16:52 - 2013-10-12 03:30 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-15 16:52 - 2013-10-12 03:29 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-15 16:52 - 2013-10-12 03:29 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-15 16:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-15 16:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-15 16:52 - 2013-10-12 03:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-15 16:52 - 2013-10-12 03:29 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-15 16:52 - 2013-10-12 03:04 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-15 16:52 - 2013-10-12 03:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-15 16:52 - 2013-10-12 03:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-15 16:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-15 16:52 - 2013-10-12 03:02 - 06038528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-15 16:52 - 2013-10-12 03:02 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-15 16:52 - 2013-10-12 03:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-15 16:52 - 2013-10-12 03:01 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-15 16:52 - 2013-10-12 03:01 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-15 16:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-15 16:52 - 2013-10-12 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-15 16:52 - 2013-10-12 03:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-15 16:52 - 2013-10-12 02:32 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-15 16:52 - 2013-10-12 02:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-15 16:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-15 16:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-15 16:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-15 16:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-15 16:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-15 16:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-15 16:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-15 16:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-15 16:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-15 16:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-15 16:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-15 16:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-15 16:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-15 16:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-15 16:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-15 16:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-15 16:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-15 16:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-15 16:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-15 16:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-15 16:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-15 16:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-15 16:52 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-11-15 16:52 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-11-15 16:52 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-11-15 16:52 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-11-15 16:52 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-11-15 16:52 - 2013-08-27 10:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-11-15 16:52 - 2013-08-27 10:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-11-15 16:52 - 2013-08-27 09:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-11-15 16:52 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-11-15 16:52 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-11-15 16:52 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-11-15 16:52 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-11-15 16:52 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-11-15 16:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-15 16:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-11-15 16:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-11-15 16:52 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-11-15 16:52 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-11-15 16:52 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-11-15 16:52 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-11-15 16:52 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-11-15 16:52 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-11-15 16:52 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-11-15 16:52 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-11-15 16:52 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-11-15 16:52 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-11-15 16:52 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-11-15 16:52 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-11-15 16:52 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-11-15 16:52 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-11-15 16:52 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-11-15 16:51 - 2013-12-11 22:56 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-11-15 16:51 - 2013-12-11 22:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-11-15 16:51 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\eSafe 2013-11-15 16:51 - 2013-12-11 20:44 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-11-15 16:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-15 16:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-15 16:51 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-11-15 16:51 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-11-15 16:51 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-11-15 16:51 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-11-15 16:51 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-11-15 16:51 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-11-15 16:51 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-11-15 16:51 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-11-15 16:51 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-11-15 16:51 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-11-15 16:51 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-11-15 16:51 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-11-15 16:51 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-11-15 16:51 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-11-15 16:51 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-11-15 16:51 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-15 16:51 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe 2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan ==================== One Month Modified Files and Folders ======= 2013-12-11 23:24 - 2013-12-11 23:24 - 00015730 _____ C:\Users\Kian\Downloads\FRST.txt 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:23 - 2013-12-11 23:23 - 01926944 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe 2013-12-11 23:22 - 2013-12-11 23:22 - 00001185 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Local\iMesh 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Program Files (x86)\iMesh Applications 2013-12-11 23:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-11 22:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-11 22:56 - 2013-11-15 16:51 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-12-11 22:51 - 2013-11-15 16:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-12-11 22:04 - 2013-08-15 20:40 - 01586675 _____ C:\Windows\WindowsUpdate.log 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 21:50 - 2013-11-15 17:51 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG 2013-12-11 21:50 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT 2013-12-11 21:35 - 2013-12-11 21:34 - 68253288 _____ (VMLite, Inc.) C:\Users\Kian\Downloads\VMLiteWorkstationSetup.exe 2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian 2013-12-11 21:18 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\eSafe 2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 20:58 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-11 20:52 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-11 20:52 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-11 20:49 - 2009-07-14 05:51 - 02367344 _____ C:\Windows\setupact.log 2013-12-11 20:48 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-12-11 20:48 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-12-11 20:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-11 20:44 - 2013-11-15 16:51 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log 2013-12-11 20:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log 2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin 2013-12-06 17:56 - 2013-08-15 22:30 - 00002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-02 21:48 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2013-11-15 20:12 - 2013-09-26 14:37 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-15 20:10 - 2013-08-22 17:58 - 00000000 ____D C:\Windows\system32\MRT 2013-11-15 16:56 - 2013-11-15 16:53 - 00000000 ____D C:\ProgramData\Adobe 2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer 2013-11-15 16:55 - 2013-07-10 12:02 - 00000000 ____D C:\Users\Kian\AppData\Local\Adobe 2013-11-15 16:55 - 2013-06-08 11:45 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Adobe 2013-11-15 16:54 - 2013-09-22 15:21 - 00000000 ____D C:\Users\Kian\Desktop\Schutz 2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-11-15 16:51 - 2013-08-15 22:19 - 00001632 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-15 16:51 - 2013-08-15 22:19 - 00001610 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe 2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan Some content of TEMP: ==================== C:\Users\Kian\AppData\Local\Temp\avgnt.exe C:\Users\Kian\AppData\Local\Temp\Gw2.exe C:\Users\Kian\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-02 23:14 ==================== End Of Log ============================ Addition.txt Inhalt: Code:
ATTFilter ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 16285.32 MB Available physical RAM: 12753.17 MB Total Pagefile: 32568.81 MB Available Pagefile: 28505.78 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.12.2013, 23:35 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Das additions.txt Log ist leider unvollständig
__________________ Logfiles bitte immer in CODE-Tags posten |
11.12.2013, 23:41 | #5 |
| TR/Wysotot.Gen eingefangen Also, hier nochmal, ich glaube aber, dass sie nicht anders ist, oder? Hab alles raus kopiert, mehr ist nicht da... :/ EDIT: Okay, sieht doch anders aus, ich hoffe jetzt stimmts? Komisch, hab eben alles genau so gemacht... Code:
ATTFilter ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 16285.32 MB Available physical RAM: 12753.17 MB Total Pagefile: 32568.81 MB Available Pagefile: 28505.78 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 16285.32 MB Available physical RAM: 12897.18 MB Total Pagefile: 32568.81 MB Available Pagefile: 28637.75 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:5.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.12.2013, 23:51 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Hm..ich glaub FRST hat gerade nen Fehler...lad FRST morgen nochmal neu runter und erstell die Logs mit der neuen FRST-Version nochmal. Haken setzen bei additions.txt nicht vergessen.
__________________ --> TR/Wysotot.Gen eingefangen |
12.12.2013, 22:16 | #7 |
| TR/Wysotot.Gen eingefangen Der Haken war gesetzt... Hab es auch grade nochmal probiert, kam wieder das gleiche raus. Dann probier ich es morgen noch mal. Also, habe es heute nochmal probiert Hier das Ergebnis: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013 02 Ran by Kian (administrator) on KIAN-PC on 12-12-2013 22:14:26 Running from C:\Users\Kian\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4&q={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: BonanzaDeals - C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} Chrome: ======= CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4 CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1384530677&from=cor&uid=M4-CT128M4SSD2_000000001307092AF5E4" CHR DefaultSearchKeyword: google.de CHR DefaultSearchProvider: Google CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Extended Protection) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0 CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (BonanzaDeals) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 CHR Extension: (Lightning Newtab) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0 CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-15] (BonanzaDeals) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-12 22:14 - 2013-12-12 22:14 - 00015164 _____ C:\Users\Kian\Downloads\FRST.txt 2013-12-12 22:12 - 2013-12-12 22:12 - 01927290 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe 2013-12-12 00:00 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 00:00 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 00:00 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 00:00 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-12-11 20:49 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 20:49 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 09073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 06039552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 20:49 - 2013-11-02 02:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 20:49 - 2013-11-02 02:13 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 20:49 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 20:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 20:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 20:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 20:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 20:49 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 20:49 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 20:49 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 20:49 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 20:49 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 20:49 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 20:49 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 20:49 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 20:49 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 20:49 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2013-11-15 17:51 - 2013-12-11 21:50 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG 2013-11-15 17:51 - 2013-12-11 21:50 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT 2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer 2013-11-15 16:53 - 2013-11-15 16:56 - 00000000 ____D C:\ProgramData\Adobe 2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-15 16:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-15 16:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-15 16:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-15 16:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-15 16:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-15 16:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-15 16:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-15 16:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-15 16:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-15 16:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-15 16:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-15 16:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-15 16:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-15 16:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-15 16:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-15 16:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-15 16:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-15 16:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-15 16:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-15 16:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-15 16:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-15 16:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-15 16:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-15 16:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-15 16:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-15 16:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-15 16:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-15 16:52 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-11-15 16:52 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-11-15 16:52 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-11-15 16:52 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-11-15 16:52 - 2013-08-27 10:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-11-15 16:52 - 2013-08-27 10:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-11-15 16:52 - 2013-08-27 09:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-11-15 16:52 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-11-15 16:52 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-11-15 16:52 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-11-15 16:52 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-11-15 16:52 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-11-15 16:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-15 16:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-11-15 16:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-11-15 16:52 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-11-15 16:52 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-11-15 16:52 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-11-15 16:52 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-11-15 16:52 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-11-15 16:52 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-11-15 16:52 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-11-15 16:52 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-11-15 16:52 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-11-15 16:52 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-11-15 16:52 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-11-15 16:52 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-11-15 16:52 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-11-15 16:52 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-11-15 16:52 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-11-15 16:51 - 2013-12-12 22:04 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-11-15 16:51 - 2013-12-11 23:56 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-11-15 16:51 - 2013-12-11 23:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-11-15 16:51 - 2013-12-11 21:18 - 00000000 ____D C:\ProgramData\eSafe 2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-11-15 16:51 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-15 16:51 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-15 16:51 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-11-15 16:51 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-11-15 16:51 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-11-15 16:51 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-11-15 16:51 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-11-15 16:51 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-11-15 16:51 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-11-15 16:51 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-11-15 16:51 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-11-15 16:51 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-11-15 16:51 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-11-15 16:51 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-11-15 16:51 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-11-15 16:51 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-11-15 16:51 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-11-15 16:51 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-15 16:51 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe 2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan ==================== One Month Modified Files and Folders ======= 2013-12-12 22:14 - 2013-12-12 22:14 - 00015164 _____ C:\Users\Kian\Downloads\FRST.txt 2013-12-12 22:12 - 2013-12-12 22:12 - 01927290 _____ (Farbar) C:\Users\Kian\Downloads\FRST64.exe 2013-12-12 22:09 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-12 22:09 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-12 22:08 - 2013-08-15 20:40 - 01910608 _____ C:\Windows\WindowsUpdate.log 2013-12-12 22:08 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-12-12 22:08 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-12-12 22:08 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-12 22:06 - 2009-07-14 05:51 - 02437187 _____ C:\Windows\setupact.log 2013-12-12 22:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-12 22:04 - 2013-11-15 16:51 - 00000918 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-12-12 22:04 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-12 22:04 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-12 22:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-12 22:04 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-11 23:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-11 23:56 - 2013-11-15 16:51 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-12-11 23:51 - 2013-11-15 16:51 - 00000288 _____ C:\Windows\Tasks\DigitalSite.job 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 21:50 - 2013-11-15 17:51 - 00000097 _____ C:\Users\Kian\AppData\Roaming\WB.CFG 2013-12-11 21:50 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT 2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian 2013-12-11 21:18 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\eSafe 2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log 2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log 2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin 2013-12-06 17:56 - 2013-08-15 22:30 - 00002368 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2013-11-15 20:12 - 2013-09-26 14:37 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-11-15 20:10 - 2013-08-22 17:58 - 00000000 ____D C:\Windows\system32\MRT 2013-11-15 16:56 - 2013-11-15 16:53 - 00000000 ____D C:\ProgramData\Adobe 2013-11-15 16:55 - 2013-11-15 16:55 - 00000000 ____D C:\Users\Kian\Documents\PC Speed Maximizer 2013-11-15 16:55 - 2013-07-10 12:02 - 00000000 ____D C:\Users\Kian\AppData\Local\Adobe 2013-11-15 16:55 - 2013-06-08 11:45 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Adobe 2013-11-15 16:54 - 2013-09-22 15:21 - 00000000 ____D C:\Users\Kian\Desktop\Schutz 2013-11-15 16:53 - 2013-11-15 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-15 16:51 - 2013-11-15 16:51 - 00003918 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-11-15 16:51 - 2013-11-15 16:51 - 00003666 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-11-15 16:51 - 2013-11-15 16:51 - 00003384 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-11-15 16:51 - 2013-11-15 16:51 - 00003224 _____ C:\Windows\System32\Tasks\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\SumatraPDF 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\DigitalSite 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Roaming\aartemis 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Users\Kian\AppData\Local\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\PDFReader 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-11-15 16:51 - 2013-11-15 16:51 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-11-15 16:51 - 2013-08-15 22:19 - 00001632 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-15 16:51 - 2013-08-15 22:19 - 00001610 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-11-15 16:50 - 2013-11-15 16:50 - 01308056 _____ C:\Users\Kian\Downloads\PDFReaderSetup.exe 2013-11-15 16:47 - 2013-11-15 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-12 03:23 - 2013-12-11 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-11-12 03:07 - 2013-12-11 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll Some content of TEMP: ==================== C:\Users\Kian\AppData\Local\Temp\avgnt.exe C:\Users\Kian\AppData\Local\Temp\Gw2.exe C:\Users\Kian\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-02 23:14 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-12-2013 02 Ran by Kian at 2013-12-12 22:14:49 Running from C:\Users\Kian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== aartemis Browser Protecter (x32) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD Steady Video Plug-In (Version: 2.06.0000) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.2.0) Avira Free Antivirus (x32 Version: 14.0.1.759) Battlefield 3™ (x32 Version: 1.0.0.0) Battlefield 4™ (x32 Version: 1.0.0.1) Battlelog Web Plugins (x32 Version: 2.3.2) Bonanza Deals (remove only) (x32 Version: 5.0.1.0) <==== ATTENTION Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) D3DX10 (x32 Version: 15.4.2368.0902) Drakensang - Am Fluss der Zeit (x32) ESN Sonar (x32 Version: 0.70.4) Fotogalerie (x32 Version: 16.4.3503.0728) Galería de fotos (x32 Version: 16.4.3503.0728) Galeria fotografii (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Google Chrome (x32 Version: 31.0.1650.63) Google Update Helper (x32 Version: 1.3.22.3) Guild Wars 2 (x32) Junk Mail filter update (x32 Version: 16.4.3503.0728) McAfee Security Scan Plus (Version: 3.8.130.10) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 15.0.4454.1510) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610) Movie Maker (x32 Version: 16.4.3503.0728) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) NVIDIA PhysX (x32 Version: 9.10.0513) Origin (x32 Version: 8.5.0.4518) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) Poczta usługi Windows Live (x32 Version: 16.4.3503.0728) Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728) PunkBuster Services (x32 Version: 0.993) Raccolta foto (x32 Version: 16.4.3503.0728) Razer Synapse 2.0 (x32 Version: 1.13.1) Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662) Two Worlds II (x32 Version: 1.3.2.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for PDF Reader (HKCU) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Family Safety (Version: 16.4.3503.0728) Windows Live Family Safety (x32 Version: 16.4.3503.0728) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Mail (x32 Version: 16.4.3503.0728) Windows Live Messenger (x32 Version: 16.4.3503.0728) Windows Live MIME IFilter (Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Windows Live Writer (x32 Version: 16.4.3503.0728) Windows Live Writer Resources (x32 Version: 16.4.3503.0728) Wsys Control 15.2.1.2652 (x32 Version: 15.2.1.2652) <==== ATTENTION ==================== Restore Points ========================= 06-12-2013 16:50:53 Windows Update 06-12-2013 18:49:05 DirectX wurde installiert 06-12-2013 18:49:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 06-12-2013 18:49:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 06-12-2013 19:59:02 Windows Update 11-12-2013 19:54:34 Windows-Sicherung 11-12-2013 19:57:22 Installed Oracle VM VirtualBox 4.3.4 11-12-2013 20:15:13 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 11-12-2013 20:15:24 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 11-12-2013 20:15:44 Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 11-12-2013 20:16:27 Removed Oracle VM VirtualBox 4.3.4 11-12-2013 20:39:21 Installed VMLite Workstation 11-12-2013 22:59:46 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {78D933BF-1EA0-404F-B143-CA40DFB442C9} - System32\Tasks\DigitalSite => C:\Users\Kian\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () Task: {8334ED72-F9DF-4506-96A4-0AA454D74025} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-15] (BonanzaDeals) <==== ATTENTION Task: {95A5714F-11EC-4D0C-91E2-A5775FBAA34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {A71306E9-AB61-4332-97D9-E4A7000017CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {B98C1B95-AA69-45D4-8AC0-51E05383A294} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {D0E47C5E-949E-4DA4-A85F-CB91BFCEA8C7} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-15] (BonanzaDeals) <==== ATTENTION Task: {F2B1FED7-170F-4580-A842-C372CD0294F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Kian\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-08-22 17:32 - 2013-07-18 07:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/12/2013 10:06:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/12/2013 10:04:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9 Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002ea19 ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0 Pfad der fehlerhaften Anwendung: atieclxx.exe1 Pfad des fehlerhaften Moduls: atieclxx.exe2 Berichtskennung: atieclxx.exe3 Error: (12/11/2013 08:46:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/11/2013 08:44:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0xdf0 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (12/11/2013 08:44:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9 Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002ea19 ID des fehlerhaften Prozesses: 0x508 Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0 Pfad der fehlerhaften Anwendung: atieclxx.exe1 Pfad des fehlerhaften Moduls: atieclxx.exe2 Berichtskennung: atieclxx.exe3 Error: (12/06/2013 06:47:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/06/2013 05:49:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/06/2013 05:45:07 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0xe14 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (12/02/2013 10:05:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 09:49:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/12/2013 10:03:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error: (12/11/2013 09:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/11/2013 09:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/11/2013 09:56:22 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/11/2013 09:56:21 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/11/2013 09:18:55 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/06/2013 08:59:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme Error: (12/06/2013 08:56:33 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/06/2013 08:56:32 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/06/2013 08:56:22 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (12/12/2013 10:06:00 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/12/2013 10:04:36 PM) (Source: Application Error)(User: ) Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19ad401cef77dc21a7125C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe00fed049-6371-11e3-9811-60a44c6116a9 Error: (12/11/2013 08:46:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/11/2013 08:44:44 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487df001cef6a96d555e9eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeaed901ce-629c-11e3-a3e1-60a44c6116a9 Error: (12/11/2013 08:44:43 PM) (Source: Application Error)(User: ) Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea1950801cef6a96709db12C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exeadbb5cae-629c-11e3-a3e1-60a44c6116a9 Error: (12/06/2013 06:47:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/06/2013 05:49:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/06/2013 05:45:07 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e1401cef2a2820240ceC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec2eb2a8d-5e95-11e3-8bac-60a44c6116a9 Error: (12/02/2013 10:05:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 09:49:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-12-11 20:44:30.544 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:55:04.047 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:46:35.090 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:10:58.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 19:50:21.439 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 18:57:24.031 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 20:07:36.783 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:41:48.160 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:22:57.608 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:03:05.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 16285.32 MB Available physical RAM: 13701.6 MB Total Pagefile: 32568.81 MB Available Pagefile: 29544.02 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:4.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:742.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.12.2013, 14:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
16.12.2013, 21:52 | #9 |
| TR/Wysotot.Gen eingefangen Werde ich heute sobald ich zuhause bin machen, war das ganze Wochenende arbeiten, daher erst jetzt eine Antwort von mir Hallo Also, ich habe grade alles durchgeführt wie beschrieben, aber als der Scan fertig war, wurde mir angezeigt es sei keine Malware vorhanden! Ist das jetzt gut oder schlecht? |
16.12.2013, 22:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Bitte das Log posten
__________________ Logfiles bitte immer in CODE-Tags posten |
16.12.2013, 22:28 | #11 |
| TR/Wysotot.Gen eingefangen Oh Entschuldigung, ich dachte das würde nicht viel nutzen, wenn nichts gefunden wurde Also hier das Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1008 www.malwarebytes.org Database version: v2013.12.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Kian :: KIAN-PC [administrator] 16.12.2013 21:45:58 mbar-log-2013-12-16 (21-45-58).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 218621 Time elapsed: 4 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
16.12.2013, 23:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen So ein Log enthält nun mal ein paar mehr Infos als nur Fund oder kein Fund zB sieht man ob du aktuelle Signaturen hattest oder nicht. Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
16.12.2013, 23:45 | #13 |
| TR/Wysotot.Gen eingefangen AdwCleaner Log: Code:
ATTFilter # AdwCleaner v3.015 - Bericht erstellt am 16/12/2013 um 23:32:33 # Updated 10/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Kian - KIAN-PC # Gestartet von : C:\Users\Kian\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : bonanzadealslive [#] Dienst Gelöscht : bonanzadealslivem ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals [!] Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive Ordner Gelöscht : C:\Users\Kian\AppData\Local\BonanzaDealsLive Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\aartemis Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\digitalsite Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals Ordner Gelöscht : C:\Users\Kian\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj Ordner Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Datei Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx Datei Gelöscht : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate Datei Gelöscht : C:\Windows\Tasks\digitalsite.job Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Kian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\Imesh Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKLM\Software\aartemisSoftware Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7601.17514 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v [ Datei : C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [15503 octets] - [16/12/2013 23:31:57] AdwCleaner[S0].txt - [13265 octets] - [16/12/2013 23:32:33] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13326 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Home Premium x64 Ran by Kian on 16.12.2013 at 23:37:48,29 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Kian\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.12.2013 at 23:41:42,09 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02 Ran by Kian (administrator) on KIAN-PC on 16-12-2013 23:44:26 Running from C:\Users\Kian\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Kian\AppData\Roaming\Mozilla\Firefox\Profiles\d8rzfw05.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchKeyword: google.de CHR DefaultSearchProvider: Google CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Google Wallet) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\Kian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-06] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-08-20] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [39096 2013-08-20] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [30904 2013-08-20] (Razer Inc) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [135928 2013-05-14] (Ray Hinchliffe) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-16 23:43 - 2013-12-16 23:44 - 00010566 _____ C:\Users\Kian\Desktop\FRST.txt 2013-12-16 23:43 - 2013-12-16 23:43 - 01927940 _____ (Farbar) C:\Users\Kian\Desktop\FRST64.exe 2013-12-16 23:41 - 2013-12-16 23:41 - 00001077 _____ C:\Users\Kian\Desktop\JRT.txt 2013-12-16 23:37 - 2013-12-16 23:37 - 01034531 _____ (Thisisu) C:\Users\Kian\Desktop\JRT.exe 2013-12-16 23:37 - 2013-12-16 23:37 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 23:31 - 2013-12-16 23:32 - 00000000 ____D C:\AdwCleaner 2013-12-16 23:31 - 2013-12-16 23:31 - 01226750 _____ C:\Users\Kian\Desktop\adwcleaner.exe 2013-12-16 21:45 - 2013-12-16 22:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-16 21:45 - 2013-12-16 22:08 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-16 21:43 - 2013-12-16 22:26 - 00000000 ____D C:\Users\Kian\Desktop\mbar 2013-12-16 21:43 - 2013-12-16 22:08 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-16 21:42 - 2013-12-16 21:42 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Kian\Desktop\mbar-1.07.0.1008.exe 2013-12-12 00:00 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 00:00 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 00:00 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 00:00 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 20:59 - 2013-11-29 17:44 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-12-11 20:59 - 2013-11-29 17:43 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-12-11 20:49 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 20:49 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 20:49 - 2013-11-02 03:28 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 09073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-11 20:49 - 2013-11-02 03:26 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 20:49 - 2013-11-02 03:25 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 20:49 - 2013-11-02 03:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 06039552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-11 20:49 - 2013-11-02 03:04 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 20:49 - 2013-11-02 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 20:49 - 2013-11-02 02:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 20:49 - 2013-11-02 02:13 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 20:49 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 20:49 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 20:49 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 20:49 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 20:49 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 20:49 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 20:49 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 20:49 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 20:49 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 20:49 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 20:49 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 20:49 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 20:49 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-11 20:49 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 20:49 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 19:50 - 2013-12-06 20:01 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 19:50 - 2013-12-06 20:01 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:49 - 2013-12-06 19:50 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2013-12-06 19:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2013-12-06 19:49 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2013-12-06 19:49 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2013-12-06 19:49 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2013-12-06 19:49 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2013-12-06 19:49 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-06 19:49 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-06 19:49 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-06 19:49 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-06 19:49 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-06 19:49 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-06 19:49 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-06 19:49 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-06 19:49 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-06 19:49 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-06 19:49 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-06 19:49 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-06 19:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-06 19:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-06 19:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-06 19:49 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-06 19:49 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-06 19:49 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-06 19:49 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-06 19:49 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-06 19:49 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-06 19:49 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-06 19:49 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-06 19:49 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-06 19:49 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-06 19:49 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-06 19:49 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-06 19:49 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-06 19:49 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-06 19:49 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-06 19:49 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-06 19:49 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-06 19:49 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-06 19:49 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-06 17:51 - 2013-12-06 20:59 - 00013978 _____ C:\Windows\IE11_main.log 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys ==================== One Month Modified Files and Folders ======= 2013-12-16 23:44 - 2013-12-16 23:43 - 00010566 _____ C:\Users\Kian\Desktop\FRST.txt 2013-12-16 23:43 - 2013-12-16 23:43 - 01927940 _____ (Farbar) C:\Users\Kian\Desktop\FRST64.exe 2013-12-16 23:41 - 2013-12-16 23:41 - 00001077 _____ C:\Users\Kian\Desktop\JRT.txt 2013-12-16 23:41 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-16 23:41 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-16 23:38 - 2010-11-21 07:50 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-12-16 23:38 - 2010-11-21 07:50 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-12-16 23:38 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-16 23:37 - 2013-12-16 23:37 - 01034531 _____ (Thisisu) C:\Users\Kian\Desktop\JRT.exe 2013-12-16 23:37 - 2013-12-16 23:37 - 00000000 ____D C:\Windows\ERUNT 2013-12-16 23:37 - 2013-08-15 20:40 - 01981136 _____ C:\Windows\WindowsUpdate.log 2013-12-16 23:33 - 2013-08-15 22:28 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-16 23:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-16 23:33 - 2009-07-14 05:51 - 02481511 _____ C:\Windows\setupact.log 2013-12-16 23:32 - 2013-12-16 23:31 - 00000000 ____D C:\AdwCleaner 2013-12-16 23:32 - 2013-08-15 22:30 - 00001287 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-16 23:32 - 2013-08-15 22:19 - 00001173 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-16 23:32 - 2013-08-15 22:19 - 00000990 _____ C:\Users\Kian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-12-16 23:31 - 2013-12-16 23:31 - 01226750 _____ C:\Users\Kian\Desktop\adwcleaner.exe 2013-12-16 23:05 - 2013-07-10 12:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-16 22:58 - 2013-08-15 22:28 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-16 22:51 - 2013-11-15 17:51 - 00000090 _____ C:\Users\Kian\AppData\Roaming\WB.CFG 2013-12-16 22:51 - 2013-11-15 17:51 - 00000006 _____ C:\Users\Kian\AppData\Roaming\WBPU-TTL.DAT 2013-12-16 22:26 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-16 22:26 - 2013-12-16 21:43 - 00000000 ____D C:\Users\Kian\Desktop\mbar 2013-12-16 22:08 - 2013-12-16 21:45 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-16 22:08 - 2013-12-16 21:43 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-12-16 21:45 - 2013-12-16 21:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-16 21:42 - 2013-12-16 21:42 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Kian\Desktop\mbar-1.07.0.1008.exe 2013-12-12 22:04 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-12 22:04 - 2009-07-14 05:45 - 00292904 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-11 23:24 - 2013-12-11 23:24 - 00000000 ____D C:\FRST 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\Documents\My Received Files 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\Users\Kian\AppData\Roaming\MusicNet 2013-12-11 23:22 - 2013-12-11 23:22 - 00000000 ____D C:\ProgramData\3B2E1 2013-12-11 21:59 - 2013-12-11 21:59 - 00008466 _____ C:\Users\Kian\Desktop\Ereignisse.txt 2013-12-11 21:31 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Kian 2013-12-11 21:05 - 2013-07-10 12:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 21:05 - 2013-07-10 12:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 21:05 - 2013-07-10 12:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-11 20:53 - 2013-08-15 22:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-11 20:53 - 2013-08-15 22:28 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-11 20:50 - 2013-08-22 17:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-11 20:50 - 2013-08-22 17:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-11 20:44 - 2013-08-15 19:42 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-12-11 20:44 - 2010-11-21 04:47 - 00125788 _____ C:\Windows\PFRO.log 2013-12-06 20:59 - 2013-12-06 17:51 - 00013978 _____ C:\Windows\IE11_main.log 2013-12-06 20:56 - 2013-12-06 20:56 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130 (1).exe 2013-12-06 20:55 - 2013-12-06 20:55 - 03821064 _____ C:\Users\Kian\Downloads\battlelog-web-plugins_2.3.2_130.exe 2013-12-06 20:01 - 2013-12-06 19:50 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2013-12-06 20:01 - 2013-12-06 19:50 - 00000687 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2013-12-06 19:50 - 2013-12-06 19:49 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-12-06 19:50 - 2013-08-15 16:42 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-12-06 19:50 - 2013-08-15 16:42 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-06 19:49 - 2013-04-23 09:05 - 00044654 _____ C:\Windows\DirectX.log 2013-12-06 18:51 - 2013-08-15 15:42 - 00000000 ____D C:\Program Files (x86)\Origin 2013-12-02 23:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-29 17:44 - 2013-12-11 20:59 - 00252688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-11-29 17:43 - 2013-12-11 20:59 - 00126736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-11-29 17:43 - 2013-11-29 17:43 - 00140560 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys Some content of TEMP: ==================== C:\Users\Kian\AppData\Local\Temp\avgnt.exe C:\Users\Kian\AppData\Local\Temp\Gw2.exe C:\Users\Kian\AppData\Local\Temp\Quarantine.exe C:\Users\Kian\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-02 23:14 ==================== End Of Log ============================ Addition Log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02 Ran by Kian at 2013-12-16 23:44:42 Running from C:\Users\Kian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD Steady Video Plug-In (Version: 2.06.0000) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.2.0) Avira Free Antivirus (x32 Version: 14.0.1.759) Battlefield 3™ (x32 Version: 1.0.0.0) Battlefield 4™ (x32 Version: 1.0.0.1) Battlelog Web Plugins (x32 Version: 2.3.2) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) D3DX10 (x32 Version: 15.4.2368.0902) Drakensang - Am Fluss der Zeit (x32) ESN Sonar (x32 Version: 0.70.4) Fotogalerie (x32 Version: 16.4.3503.0728) Galería de fotos (x32 Version: 16.4.3503.0728) Galeria fotografii (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Google Chrome (x32 Version: 31.0.1650.63) Google Update Helper (x32 Version: 1.3.22.3) Guild Wars 2 (x32) Junk Mail filter update (x32 Version: 16.4.3503.0728) McAfee Security Scan Plus (Version: 3.8.130.10) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 15.0.4454.1510) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610) Movie Maker (x32 Version: 16.4.3503.0728) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) NVIDIA PhysX (x32 Version: 9.10.0513) Origin (x32 Version: 8.5.0.4518) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) Poczta usługi Windows Live (x32 Version: 16.4.3503.0728) Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728) PunkBuster Services (x32 Version: 0.993) Raccolta foto (x32 Version: 16.4.3503.0728) Razer Synapse 2.0 (x32 Version: 1.13.1) Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662) Two Worlds II (x32 Version: 1.3.2.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for PDF Reader (HKCU) <==== ATTENTION Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Family Safety (Version: 16.4.3503.0728) Windows Live Family Safety (x32 Version: 16.4.3503.0728) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Mail (x32 Version: 16.4.3503.0728) Windows Live Messenger (x32 Version: 16.4.3503.0728) Windows Live MIME IFilter (Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Windows Live Writer (x32 Version: 16.4.3503.0728) Windows Live Writer Resources (x32 Version: 16.4.3503.0728) ==================== Restore Points ========================= 06-12-2013 16:50:53 Windows Update 06-12-2013 18:49:05 DirectX wurde installiert 06-12-2013 18:49:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 06-12-2013 18:49:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 06-12-2013 19:59:02 Windows Update 11-12-2013 19:54:34 Windows-Sicherung 11-12-2013 19:57:22 Installed Oracle VM VirtualBox 4.3.4 11-12-2013 20:15:13 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 11-12-2013 20:15:24 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 11-12-2013 20:15:44 Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 11-12-2013 20:16:27 Removed Oracle VM VirtualBox 4.3.4 11-12-2013 20:39:21 Installed VMLite Workstation 11-12-2013 22:59:46 Windows Update 16-12-2013 20:41:49 Windows Update 16-12-2013 20:48:18 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem Task: {714DC00A-9AEE-4DA0-9F53-2E41FAC3CF3F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {78D933BF-1EA0-404F-B143-CA40DFB442C9} - \DigitalSite No Task File Task: {81C6C442-BB3A-4D82-A29B-733AC6A85AF7} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART Task: {8334ED72-F9DF-4506-96A4-0AA454D74025} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File Task: {95A5714F-11EC-4D0C-91E2-A5775FBAA34A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation Task: {A71306E9-AB61-4332-97D9-E4A7000017CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate Task: {B98C1B95-AA69-45D4-8AC0-51E05383A294} - \BonanzaDealsUpdate No Task File Task: {D0E47C5E-949E-4DA4-A85F-CB91BFCEA8C7} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange Task: {F2B1FED7-170F-4580-A842-C372CD0294F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-08-22 17:32 - 2013-07-18 07:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-06 17:56 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-12-06 17:56 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-12-11 20:44:30.544 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:55:04.047 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:46:35.090 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 20:10:58.444 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 19:50:21.439 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-06 18:57:24.031 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 20:07:36.783 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:41:48.160 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:22:57.608 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-15 19:03:05.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16285.32 MB Available physical RAM: 13863.59 MB Total Pagefile: 32568.81 MB Available Pagefile: 29793.32 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Win7HPx64) (Fixed) (Total:119.24 GB) (Free:3.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:741.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9BABD94F) Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8C06C8CD) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.12.2013, 00:01 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Wysotot.Gen eingefangen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
17.12.2013, 00:38 | #15 |
| TR/Wysotot.Gen eingefangen Hier schonmal der Report vom Quick Scan Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.16.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Kian :: KIAN-PC [Administrator] 17.12.2013 00:10:02 mbam-log-2013-12-17 (00-10-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205016 Laufzeit: 1 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\$Recycle.Bin\S-1-5-21-3182670764-3704417578-619566864-1001\$RB8SJL3.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-3182670764-3704417578-619566864-1001\$RKVADPI.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kian\AppData\Local\Temp\is1590112554\273305_stp\cor_aartemis.exe (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kian\AppData\Local\Temp\is1590112554\273363_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kian\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kian\Downloads\PDFReaderSetup.exe (PUP.Optional.JumpyApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Das mit dem ESET Online Scanner mache ich gleich auch noch. Das mit dem ESET muss ich morgen machen, dauert ja doch recht lange |
Themen zu TR/Wysotot.Gen eingefangen |
aartemis, aartemis entfernen, adware/installcore.gen, antivir, appdata, computer, dateien, fehler, internet, malware, malware gefunden, neu, neue, programm, quarantäne, schnell, screenshot, temp, tmp, tr/wysotot.gen, unerwünschtes programm, viren, virtualbox, zugriff, zugriff verweigert |