
Log analysis and evaluation: Windows 8 64, no keyboard anymore


 
12.12.2013, 20:44   #1
7hine
 



Hello.
At the moment I only have a virtual keyboard. Please excuse the typos.
How did it come to this?

I had to reboot because there was no free RAM left on my Acer notebook...
First, after the Windows update that ran during the reboot, I noticed that ACDaemon (ArcSoft client) did not start, failing with 0xc0000022.
Before that I had wondered why the FF Nightly updates were not working.
bitkeeper free reported nothing.
What then worried me was that Zemana AntiKeylogger no longer started either.
Malwarebytes found something:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.12.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
admin :: 1111[Administrator]

C:\Program Files (x86)\Common Files\snpstd3\tsnpstd3.exe (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admin\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         
After an aborted full scan, this also came up:
Code:
C:\Program Files (x86)\Common Files\snpstd3\tsnpstd3.exe (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt
         
After that, downloading worked again.

The antikeylogger still did not start, though.
Reinstalling failed.
Uninstalling aborted with an error message...
Since then I have had no keyboard.
Windows says it is using
c:/windows/system/DRIVERS/kbdhid.sys
and kbdclass.sys for the radio controller. But there are hardly any drivers in that location.

Apparently I can no longer install anything.
The download of firefox.exe is still being denied.

GMER throws 3 error messages regarding ntuser, config, system, saying the files are open.

Help..
sfc /scannow aborts at 54%.
I could do a recovery, but as long as it is not clear what is going on, I would rather not.


Code:

Protokollname: Microsoft-Windows-Kernel-PnP/Configuration
Quelle:        Microsoft-Windows-Kernel-PnP
Datum:         12.12.2013 13:22:51
Ereignis-ID:   400
Aufgabenkategorie:Keine
Ebene:         Informationen
Schlüsselwörter:
Benutzer:      SYSTEM
Computer:      Derda
Beschreibung:
Device HID\10250759&Col01\5&1b50cc66&0&0000 was configured.

Driver Name: keyboard.inf
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Driver Date: 06/21/2006
Driver Version: 6.2.9200.16548
Driver Provider: Microsoft
Driver Section: HID_Keyboard_Inst.NT
Driver Rank: 0xFF1003
Matching Device ID: HID_DEVICE_SYSTEM_KEYBOARD
Outranked Drivers: input.inf:HID_DEVICE:00FF1005
Device Updated: false
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>400</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-12T12:22:51.183496800Z" />
    <EventRecordID>842</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="208" />
    <Channel>Microsoft-Windows-Kernel-PnP/Configuration</Channel>
    <Computer>Derda</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceInstanceID">HID\10250759&amp;Col01\5&amp;1b50cc66&amp;0&amp;0000</Data>
    <Data Name="DriverName">keyboard.inf</Data>
    <Data Name="ClassGUID">{4D36E96B-E325-11CE-BFC1-08002BE10318}</Data>
    <Data Name="DriverDate">06/21/2006</Data>
    <Data Name="DriverVersion">6.2.9200.16548</Data>
    <Data Name="DriverProvider">Microsoft</Data>
    <Data Name="DriverInbox">true</Data>
    <Data Name="DriverSection">HID_Keyboard_Inst.NT</Data>
    <Data Name="DriverRank">0xff1003</Data>
    <Data Name="MatchingDeviceID">HID_DEVICE_SYSTEM_KEYBOARD</Data>
    <Data Name="OutrankedDrivers">input.inf:HID_DEVICE:00FF1005</Data>
    <Data Name="DeviceUpdated">false</Data>
    <Data Name="Status">0x0</Data>
  </EventData>
</Event>

HID\VEN_1025&DEV_0759&Col01
 
Der Gerätetreiber für diese Hardware kann nicht geladen werden. Der Treiber ist möglicherweise beschädigt oder nicht vorhanden. (Code 39)
hid Tastatur 
ort:radio controler
{Treiber konnte nicht geladen werden}
%hs Gerätetreiber konnte(n) nicht geladen werden.
Fehler: 0x%x
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by admin (administrator) on DERDA on 12-12-2013 16:35:10
Running from C:\Users\admin\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: 

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\ProgDVB\ProgDvbService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndasmgmt.exe
(pdfforge  GmbH) C:\Program Files (x86)\PDFCreator\PDFCreator.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(NewSoft) C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
() C:\Windows\FixCamera.exe
(Mozilla Corporation) C:\Program Files (x86)\Nightly\firefox.exe
() C:\Windows\vsnpstd3.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Crystal Dew World) C:\Users\admin\Documents\CrystalDiskInfo5_4_2x64\DiskInfoX64.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander\FcContextMenu64.exe
() C:\Users\admin\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872208 2013-02-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [ProgLauncher] - C:\Program Files\ProgDVB\ProgLauncher.exe [569768 2013-05-15] ()
MountPoints2: F - "F:\tools\shelexec.exe" html\index.htm
MountPoints2: G - "G:\Install.exe" 
MountPoints2: {563f593c-753f-11e2-be9e-b888e39f4ef9} - "E:\pcwstart.exe" 
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - [x]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [ChangeFilterMerit] - C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM-x32\...\Run: [Presto! PVR Monitor] - C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [157592 2010-08-30] (NewSoft)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [ZALFree] - "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-09-29] ()
HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\foto\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL [ ] ()
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL [ ] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM - DefaultScope {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWOW64\WowCtl2.dll (EzTools Software)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.51.23.11

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\100-search-engines.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-german.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-wh.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\audiblecouk.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\frankfurt-kurse.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\pdf-ebook-searches.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\read-books-online.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\webster.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ant Video Downloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\anttoolbar@ant.com
FF Extension: FireHbbTV - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\dlfr-firetv-plugin@atosorigin.com
FF Extension: Amazon Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\FFAmazonShoppingToolbar@wangtom.com
FF Extension: HTTPS-Everywhere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\https-everywhere@eff.org
FF Extension: Perspectives - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\perspectives@cmu.edu
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\staged
FF Extension: Flashblock - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: QuickWiki - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
FF Extension: CertPatrol - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\CertPatrol@PSYC.EU.xpi
FF Extension: pwgen - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\pwgen@alouche.net.xpi
FF Extension: requestpolicy - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\requestpolicy@requestpolicy.com.xpi
FF Extension: uriloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\uriloader@pdf.js.xpi
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
FF Extension: noscript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: prefs - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2013-02-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-24] (Bitdefender)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-29] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2013-06-13] (Olof Lagerkvist)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-05] (Intel Corporation)
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [331752 2010-01-13] (XIMETA, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-05-15] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2013-01-28] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-06-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-06-11] (BitDefender)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [17488 2013-06-13] (Olof Lagerkvist)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70656 2013-01-25] (ASIX Electronics Corp.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-10-06] (Bitdefender SRL)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-06-11] (BitDefender LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39520 2013-06-13] (Olof Lagerkvist)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [172640 2013-03-07] (ITE)
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [738792 2010-01-13] (XIMETA, Inc.)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2013-03-19] (hxxp://libusb-win32.sourceforge.net)
R0 lpx; C:\Windows\System32\DRIVERS\lpx6x.sys [151528 2010-01-13] (XIMETA, Inc.)
R3 ndasbus; C:\Windows\System32\drivers\ndasbus.sys [497640 2010-01-13] (XIMETA, Inc.)
R1 ndasfat; C:\Windows\System32\DRIVERS\ndasfat.sys [607720 2010-01-13] (Windows (R) Codename Longhorn DDK provider)
R0 ndasfs; C:\Windows\System32\DRIVERS\ndasfs.sys [746472 2010-01-13] (XIMETA, Inc.)
R1 ndasrofs; C:\Windows\System32\DRIVERS\ndasrofs.sys [1053160 2010-01-13] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\drivers\ndasscsi.sys [486888 2010-01-13] (XIMETA, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [174368 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [38944 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\drivers\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1051752 2012-06-02] (Realtek Semiconductor Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [130960 2013-02-03] (Ray Hinchliffe)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-22] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-06-11] (BitDefender)
S3 cpuz135; \??\C:\Users\admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S1 HWiNFO32; \??\C:\Users\admin\AppData\Local\Temp\HWiNFO64A.SYS [x]
S3 iscFlash; \??\C:\Users\admin\AppData\Local\Temp\7zSA868.tmp\iscflashx64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
S3 TDKLIB; \??\C:\Users\admin\AppData\Local\Temp\7zS40D4.tmp\TdkLib64.sys [x]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [x]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:31 - 2013-12-12 16:32 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:19 - 2013-12-12 16:35 - 00025770 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:19 - 2013-12-12 16:20 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 13:36 - 2013-12-12 16:04 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-12 13:03 - 2013-12-12 13:05 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:00 - 2013-12-12 13:02 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:28 - 2013-12-12 12:29 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 21:03 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 21:03 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 21:03 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 01140736 _____ C:\Windows\SysWOW64\urlmon.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 21:02 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 21:02 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 21:02 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 21:02 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-11 21:02 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-11 21:02 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-11 21:02 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-11 21:02 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-11 21:02 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 21:02 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 21:02 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-11 21:02 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-11 21:02 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-11 21:02 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-11 21:01 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 21:01 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 21:01 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 21:01 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 21:01 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 21:01 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 21:01 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:43 - 2013-12-10 21:45 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-02 00:14 - 2013-12-02 00:40 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-28 00:28 - 2013-12-12 15:47 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-11-28 00:27 - 2013-12-12 15:47 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-11-28 00:27 - 2013-12-10 21:47 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:32 - 2013-11-23 11:07 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 10:31 - 2013-11-23 11:03 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:28 - 2013-11-23 10:29 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-12-10 21:51 - 00000000 ____D C:\ProgramData\ClassicShell
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\pdfforge
2013-11-21 22:49 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-21 22:49 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:19 - 2013-11-27 23:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:21 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-15 19:02 - 2013-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:50 - 2013-11-14 23:51 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:49 - 2013-11-14 23:51 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:47 - 2013-11-14 23:48 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:47 - 2013-11-14 23:48 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 21:06 - 2013-11-13 21:16 - 188059736 _____ C:\Users\admin\Downloads\Update_NEX6V102.exe
2013-11-13 20:33 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 20:33 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 20:33 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 20:33 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 20:33 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 20:33 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 20:33 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 20:33 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 20:33 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 20:33 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 20:33 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 20:33 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 20:33 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 20:32 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 20:32 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:32 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 20:32 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:32 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:32 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:32 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:32 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:32 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:32 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:32 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 20:32 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 20:31 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:31 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

==================== One Month Modified Files and Folders =======

2013-12-12 16:35 - 2013-12-12 16:19 - 00025770 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:32 - 2013-12-12 16:31 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:32 - 2013-01-23 20:14 - 00000000 ____D C:\Users\admin
2013-12-12 16:20 - 2013-12-12 16:19 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 16:04 - 2013-12-12 13:36 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-12 16:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-12 15:50 - 2012-08-28 17:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-12-12 15:50 - 2012-08-28 17:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-12-12 15:50 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 15:48 - 2013-03-08 23:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 15:47 - 2013-11-28 00:28 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-12-12 15:47 - 2013-11-28 00:27 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-12-12 15:47 - 2013-02-02 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\FreePDF_XP
2013-12-12 15:47 - 2013-01-23 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 15:45 - 2013-03-31 20:39 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-12-12 15:45 - 2013-03-31 20:19 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-12-12 15:45 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 15:44 - 2013-03-31 20:18 - 00029336 _____ C:\Windows\system32\wpbbin.exe
2013-12-12 15:44 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-12-12 15:44 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2013-12-12 14:26 - 2013-11-03 00:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\ClassicShell
2013-12-12 14:26 - 2013-08-22 20:22 - 01558003 _____ C:\Windows\WindowsUpdate.log
2013-12-12 14:06 - 2013-10-10 19:39 - 00065536 ___SH C:\Users\admin\Desktop\Thumbs.db
2013-12-12 14:04 - 2013-10-03 20:33 - 00007102 _____ C:\Windows\PFRO.log
2013-12-12 13:27 - 2013-11-03 00:22 - 00000000 ____D C:\Users\admin\AppData\Local\Sidebar7
2013-12-12 13:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-12 13:07 - 2013-08-23 17:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-12-12 13:05 - 2013-12-12 13:03 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:02 - 2013-12-12 13:00 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:34 - 2013-03-31 20:39 - 00069792 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2013-12-12 12:29 - 2013-12-12 12:28 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 12:28 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-12 12:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-12 12:00 - 2013-08-23 17:48 - 00000000 ____D C:\Program Files\Personal Backup 5
2013-12-12 11:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-11 21:22 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-10 22:38 - 2013-02-27 21:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\KeePass
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:51 - 2013-11-21 23:01 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-10 21:48 - 2013-03-08 23:19 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:47 - 2013-11-28 00:27 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-12-10 21:45 - 2013-12-10 21:43 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-10 20:18 - 2013-10-14 14:36 - 00000889 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk
2013-12-10 11:51 - 2013-08-23 17:52 - 00000000 ____D C:\Users\admin\Documents\PersBackup
2013-12-04 01:53 - 2013-11-14 23:41 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2013-11-14 23:41 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 00:40 - 2013-12-02 00:14 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-12-02 00:05 - 2013-01-23 22:03 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2013-12-01 19:00 - 2013-02-02 12:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-12-01 18:39 - 2013-01-26 11:13 - 00000000 ____D C:\ProgramData\VMware
2013-12-01 18:37 - 2013-01-26 11:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-29 21:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-27 23:09 - 2013-11-15 19:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 11:07 - 2013-11-23 10:32 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 11:03 - 2013-11-23 10:31 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:29 - 2013-11-23 10:28 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 07:43 - 2013-12-11 21:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 06:05 - 2013-12-11 21:01 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:36 - 2013-01-23 20:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3276366552-786151760-3577432824-1001
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-06-25 21:16 - 00000000 ____D C:\Users\admin\AppData\Local\Windows Live
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\pdfforge
2013-11-21 22:49 - 2013-05-12 22:37 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-17 22:48 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-17 00:40 - 2013-07-12 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-11-16 22:43 - 2013-08-23 21:52 - 00001021 _____ C:\Users\admin\Documents\dependednd.txt
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:21 - 2013-11-15 19:18 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-15 19:02 - 2013-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:51 - 2013-11-14 23:50 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:51 - 2013-11-14 23:49 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:48 - 2013-11-14 23:47 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:48 - 2013-11-14 23:47 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-13 21:16 - 2013-11-13 21:06 - 188059736 _____ C:\Users\admin\Downloads\Update_NEX6V102.exe
2013-11-13 20:49 - 2013-08-14 16:19 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 20:46 - 2013-01-23 21:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\ANT1CB8.exe
C:\Users\admin\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\admin\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 12:15

==================== End Of Log ============================
         
--- --- ---


GMER is 750 kB, is that really necessary?

 
